diff --git a/programs/.gitignore b/programs/.gitignore index 32ca900da..cf7b0d807 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -13,6 +13,10 @@ pkey/ecdsa pkey/key_app pkey/key_app_writer pkey/mpi_demo +pkey/pk_decrypt +pkey/pk_encrypt +pkey/pk_sign +pkey/pk_verify pkey/rsa_decrypt pkey/rsa_encrypt pkey/rsa_genkey diff --git a/programs/Makefile b/programs/Makefile index cf9df0d1a..cf97943ec 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -26,7 +26,9 @@ APPS = aes/aescrypt2 aes/crypt_and_hash \ hash/sha2sum pkey/dh_client \ pkey/dh_genprime pkey/dh_server \ pkey/key_app pkey/key_app_writer \ - pkey/mpi_demo pkey/rsa_genkey \ + pkey/mpi_demo pkey/pk_decrypt \ + pkey/pk_encrypt pkey/pk_sign \ + pkey/pk_verify pkey/rsa_genkey \ pkey/rsa_decrypt pkey/rsa_encrypt \ pkey/rsa_sign pkey/rsa_verify \ pkey/rsa_sign_pss pkey/rsa_verify_pss \ @@ -107,6 +109,22 @@ pkey/mpi_demo: pkey/mpi_demo.c ../library/libpolarssl.a echo " CC pkey/mpi_demo.c" $(CC) $(CFLAGS) $(OFLAGS) pkey/mpi_demo.c $(LDFLAGS) -o $@ +pkey/pk_decrypt: pkey/pk_decrypt.c ../library/libpolarssl.a + echo " CC pkey/pk_decrypt.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_decrypt.c $(LDFLAGS) -o $@ + +pkey/pk_encrypt: pkey/pk_encrypt.c ../library/libpolarssl.a + echo " CC pkey/pk_encrypt.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_encrypt.c $(LDFLAGS) -o $@ + +pkey/pk_sign: pkey/pk_sign.c ../library/libpolarssl.a + echo " CC pkey/pk_sign.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_sign.c $(LDFLAGS) -o $@ + +pkey/pk_verify: pkey/pk_verify.c ../library/libpolarssl.a + echo " CC pkey/pk_verify.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_verify.c $(LDFLAGS) -o $@ + pkey/rsa_genkey: pkey/rsa_genkey.c ../library/libpolarssl.a echo " CC pkey/rsa_genkey.c" $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_genkey.c $(LDFLAGS) -o $@ diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 015505b65..39e34940f 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -40,6 +40,18 @@ target_link_libraries(rsa_encrypt polarssl) add_executable(rsa_decrypt rsa_decrypt.c) target_link_libraries(rsa_decrypt polarssl) -install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt +add_executable(pk_sign pk_sign.c) +target_link_libraries(pk_sign polarssl) + +add_executable(pk_verify pk_verify.c) +target_link_libraries(pk_verify polarssl) + +add_executable(pk_encrypt pk_encrypt.c) +target_link_libraries(pk_encrypt polarssl) + +add_executable(pk_decrypt pk_decrypt.c) +target_link_libraries(pk_decrypt polarssl) + +install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c new file mode 100644 index 000000000..416bbeccc --- /dev/null +++ b/programs/pkey/pk_decrypt.c @@ -0,0 +1,156 @@ +/* + * Public key-based simple decryption program + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "polarssl/config.h" + +#include "polarssl/error.h" +#include "polarssl/pk.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" + +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_PK_PARSE_C) || \ + !defined(POLARSSL_FS_IO) || !defined(POLARSSL_ENTROPY_C) || \ + !defined(POLARSSL_CTR_DRBG_C) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or " + "POLARSSL_FS_IO and/or POLARSSL_ENTROPY_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); + return( 0 ); +} +#else +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret, c; + size_t i, olen = 0; + pk_context pk; + entropy_context entropy; + ctr_drbg_context ctr_drbg; + unsigned char result[1024]; + unsigned char buf[512]; + const char *pers = "pk_decrypt"; + ((void) argv); + + memset(result, 0, sizeof( result ) ); + ret = 1; + + if( argc != 2 ) + { + printf( "usage: pk_decrypt \n" ); + +#if defined(_WIN32) + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( "\n . Reading private key from '%s'", argv[1] ); + fflush( stdout ); + + pk_init( &pk ); + + if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, + buf ); + goto exit; + } + + /* + * Extract the RSA encrypted value from the text file + */ + ret = 1; + + if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) + { + printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); + goto exit; + } + + i = 0; + + while( fscanf( f, "%02X", &c ) > 0 && + i < (int) sizeof( buf ) ) + buf[i++] = (unsigned char) c; + + fclose( f ); + + /* + * Decrypt the encrypted RSA data and print the result. + */ + printf( "\n . Decrypting the encrypted data" ); + fflush( stdout ); + + if( ( ret = pk_decrypt( &pk, buf, i, result, &olen, sizeof(result), + ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_decrypt returned -0x%04x - %s\n\n", -ret, + buf ); + goto exit; + } + + printf( "\n . OK\n\n" ); + + printf( "The decrypted result is: '%s'\n\n", result ); + + ret = 0; + +exit: + +#if defined(_WIN32) + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} +#endif /* POLARSSL_BIGNUM_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO && + POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c new file mode 100644 index 000000000..5d7d1e036 --- /dev/null +++ b/programs/pkey/pk_encrypt.c @@ -0,0 +1,155 @@ +/* + * RSA simple data encryption program + * + * Copyright (C) 2006-2011, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "polarssl/config.h" + +#include "polarssl/error.h" +#include "polarssl/pk.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" + +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_PK_PARSE_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or " + "POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); + return( 0 ); +} +#else +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret; + size_t i, olen = 0; + pk_context pk; + entropy_context entropy; + ctr_drbg_context ctr_drbg; + unsigned char input[1024]; + unsigned char buf[512]; + const char *pers = "pk_encrypt"; + + ret = 1; + + if( argc != 3 ) + { + printf( "usage: pk_encrypt \n" ); + +#if defined(_WIN32) + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! ctr_drbg_init returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + printf( "\n . Reading public key from '%s'", argv[1] ); + fflush( stdout ); + + pk_init( &pk ); + + if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + if( strlen( argv[2] ) > 100 ) + { + printf( " Input data larger than 100 characters.\n\n" ); + goto exit; + } + + memcpy( input, argv[2], strlen( argv[2] ) ); + + /* + * Calculate the RSA encryption of the hash. + */ + printf( "\n . Generating the encrypted value" ); + fflush( stdout ); + + if( ( ret = pk_encrypt( &pk, input, strlen( argv[2] ), + buf, &olen, sizeof(buf), + ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_encrypt returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + /* + * Write the signature into result-enc.txt + */ + if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + goto exit; + } + + for( i = 0; i < olen; i++ ) + fprintf( f, "%02X%s", buf[i], + ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + + fclose( f ); + + printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); + +exit: + +#if defined(_WIN32) + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} +#endif /* POLARSSL_BIGNUM_C && POLARSSL_PK_PARSE_C && POLARSSL_ENTROPY_C && + POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c new file mode 100644 index 000000000..61a486887 --- /dev/null +++ b/programs/pkey/pk_sign.c @@ -0,0 +1,168 @@ +/* + * Public key-based signature creation program + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "polarssl/config.h" + +#include "polarssl/error.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" +#include "polarssl/md.h" +#include "polarssl/pk.h" +#include "polarssl/sha1.h" + +#if defined _MSC_VER && !defined snprintf +#define snprintf _snprintf +#endif + +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ + !defined(POLARSSL_SHA1_C) || \ + !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " + "POLARSSL_SHA1_C and/or " + "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); + return( 0 ); +} +#else +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret; + pk_context pk; + entropy_context entropy; + ctr_drbg_context ctr_drbg; + unsigned char hash[20]; + unsigned char buf[POLARSSL_MPI_MAX_SIZE]; + char filename[512]; + const char *pers = "pk_sign"; + size_t olen = 0; + + ret = 1; + + if( argc != 3 ) + { + printf( "usage: pk_sign \n" ); + +#if defined(_WIN32) + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! ctr_drbg_init returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + printf( "\n . Reading private key from '%s'", argv[1] ); + fflush( stdout ); + + pk_init( &pk ); + + if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + { + ret = 1; + printf( " failed\n ! Could not open '%s'\n", argv[1] ); + goto exit; + } + + /* + * Compute the SHA-1 hash of the input file, + * then calculate the signature of the hash. + */ + printf( "\n . Generating the SHA-1 signature" ); + fflush( stdout ); + + if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) + { + printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen, + ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_sign returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + /* + * Write the signature into -sig.txt + */ + snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "wb+" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not create %s\n\n", filename ); + goto exit; + } + + if( fwrite( buf, 1, olen, f ) != olen ) + { + printf( "failed\n ! fwrite failed\n\n" ); + goto exit; + } + + fclose( f ); + + printf( "\n . Done (created \"%s\")\n\n", filename ); + +exit: + pk_free( &pk ); + +#if defined(_WIN32) + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && + POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO && + POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c new file mode 100644 index 000000000..68c088700 --- /dev/null +++ b/programs/pkey/pk_verify.c @@ -0,0 +1,145 @@ +/* + * Public key-based signature verification program + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "polarssl/config.h" + +#include "polarssl/error.h" +#include "polarssl/md.h" +#include "polarssl/pk.h" +#include "polarssl/sha1.h" + +#if defined _MSC_VER && !defined snprintf +#define snprintf _snprintf +#endif + +#if !defined(POLARSSL_BIGNUM_C) || \ + !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \ + !defined(POLARSSL_FS_IO) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or " + "POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or " + "POLARSSL_FS_IO not defined.\n"); + return( 0 ); +} +#else +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret; + size_t i; + pk_context pk; + unsigned char hash[20]; + unsigned char buf[POLARSSL_MPI_MAX_SIZE]; + char filename[512]; + + ret = 1; + if( argc != 3 ) + { + printf( "usage: pk_verify \n" ); + +#if defined(_WIN32) + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Reading public key from '%s'", argv[1] ); + fflush( stdout ); + + pk_init( &pk ); + + if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + /* + * Extract the signature from the text file + */ + ret = 1; + snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + printf( "\n ! Could not open %s\n\n", filename ); + goto exit; + } + + + i = fread( buf, 1, sizeof(buf), f ); + + fclose( f ); + + /* + * Compute the SHA-1 hash of the input file and compare + * it with the hash decrypted from the signature. + */ + printf( "\n . Verifying the SHA-1 signature" ); + fflush( stdout ); + + if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) + { + printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0, + buf, i ) ) != 0 ) + { + polarssl_strerror( ret, (char *) buf, sizeof(buf) ); + printf( " failed\n ! pk_verify returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" ); + + ret = 0; + +exit: + pk_free( &pk ); + +#if defined(_WIN32) + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} +#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA1_C && + POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */