stategen.c
6.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <stdlib.h>
#include <sha1.h>
#include <PR/bbmetadata.h>
#include <PR/bbcert.h>
#include <aes.h>
#include <openssl/rand.h>
#include <stdlib.h>
#include <bb_nn.h>
#include <PR/bbcrl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "util.h"
#define MAX_KEY_SIZE 4096
/*
#define DEBUG
*/
#define MAX_REVOKED 256
int main(int argc, char **argv){
RSA *prsa;
int equal =0;
BbRsaCert cert;
int iter;
int count;
int size, newsize, i, e_size, n_size;
int num_bytes, num_word, max_long, int_max;
unsigned char hash_data[20];
unsigned char input_string[2048];
unsigned char e_string[512];
unsigned char n_string[512];
unsigned char signature[512];
unsigned long certpublickey[128];
unsigned long certsign[128];
unsigned long certexponent;
char *root_string;
char *temp_string;
char tmp_name[2048];
unsigned char customResult[512];
unsigned char *padded_data;
unsigned char *verify;
unsigned long number;
int inputLen = 20;
SHA1Context sha;
FILE *stateptr;
u8 *stateBlob;
u32 date;
int j;
FILE *statedataptr;
FILE *signerptr;
FILE *signatureptr;
FILE *stateoutptr;
FILE *sigptr;
char dummy[512];
char pvtkeyfile[512];
struct stat statbuf;
int state_size;
BbEccCert bbcert;
FILE *bbcertptr;
BbEccPublicKey publickey;
BbEccSig sig;
boolean res;
BbShaHash hash_word;
padded_data = (unsigned char *)malloc(512);
verify = (unsigned char *) malloc(512);
if(argc < 5){
fprintf(stderr,"usage: %s signerfile statefile signaturefilsprefix number\n", argv[0]);
exit(1);
}
if((root_string = getenv("ROOT")) == NULL){
fprintf(stderr,"Root not set\n");
exit(1);
}
/* signer data is local */
/*
sprintf(tmp_name,"%s/usr/host_data/%s", root_string, argv[1]);
signerptr = fopen(tmp_name, "r");
*/
signerptr = fopen(argv[1], "r");
if(signerptr ==0){
fprintf(stderr,"couldnt find key data for signer\n");
exit(1);
}
/* put state data for now */
#if 0
stateoutptr = fopen("state.dat", "w");
stateBlob = malloc(1024);
for(i=0; i< 1024; i++){
stateBlob[i] = i;
}
fwrite(stateBlob, 1024, 1, stateoutptr);
fclose(stateoutptr);
exit(1);
#endif
statedataptr = fopen(argv[2], "r");
if(statedataptr ==0){
fprintf(stderr,"couldnt find your state data in local directory\n");
exit(1);
}
signatureptr = fopen(argv[3], "w");
if(signatureptr ==0){
fprintf(stderr,"couldnt open signature file for writing\n");
exit(1);
}
/* read in state data */
stat(argv[2], &statbuf);
printf("state file size = %ld\n", (long)statbuf.st_size);
state_size = (long) statbuf.st_size;
stateBlob= malloc(state_size);
fread(stateBlob, state_size, 1, statedataptr);
/* compute hash */
SHA1Reset(&sha);
SHA1Input(&sha, ((u8 *)(stateBlob)),state_size);
SHA1Result(&sha, hash_data);
prsa = RSA_new();
readRsaData(signerptr, prsa);
size = RSA_size(prsa);
num_bytes = size;
/* sign it : each time sign is different because of the padding*/
for(iter=0; iter < atoi(argv[4]); iter++){
RSA_padding_add_PKCS1_type_2(padded_data, num_bytes, hash_data, 20);
#ifdef DEBUG
for (i = 0; i < 20; i++){
printf("hash[%d] of state data= %02x\n",i,hash_data[i]);
}
#endif
size = RSA_private_encrypt(num_bytes,
padded_data, signature, prsa, RSA_NO_PADDING);
/* zero the result */
for(i = 0; i < size; i++){
verify[i] = 0;
}
newsize = RSA_public_decrypt(RSA_size(prsa), signature, verify, prsa, RSA_NO_PADDING);
#ifdef DEBUG
for(i =0; i< num_bytes; i++){
printf("state signature = %02x verify [%d] = %02x padded_data = %02x\n", signature[i] , i, verify[i], padded_data[i]);
}
#endif
/* initialise bigint */
e_size = BN_bn2bin(prsa->e, e_string);
n_size = BN_bn2bin(prsa->n, n_string);
count = 0;
for(i=0; i< n_size; i= i+4){
certsign[count] = htonl(get_word(signature + i));
count++;
}
#ifdef DEBUG
for(i = 0; i < 128; i++){
printf("sign in file in right format = %08x\n", certsign[i]);
}
#endif
/* copy the sign to its rightful place */
fwrite((void *)signature, 1, num_bytes, signatureptr);
/* validate on x86 */
e_size = BN_bn2bin(prsa->e, e_string);
n_size = BN_bn2bin(prsa->n, n_string);
certexponent = get_word(e_string);
count = 0;
for(i=0; i< n_size; i= i+4){
certpublickey[count] = htonl(get_word(n_string + i));
certsign[count] = htonl(get_word(signature + i));
count++;
}
bsl_rsa_verify(customResult, certsign, certpublickey, &certexponent, num_bytes*8);
/* print custom result of decryption */
equal = 0;
j= 0;
/* print output*/
for(i=num_bytes- 20; i < num_bytes; i++){
#ifdef DEBUG
printf("input = %02x custom = %02x\n", padded_data[i], customResult[i]);
#endif
if(hash_data[j] != customResult[i]){
equal = 1;
}
j++;
}
if(equal ==0){
printf("state sign test: OK PASS test \n");
}
else {
printf("state test: NOT OK FAIL test\n");
}
}
free(prsa);
if(signatureptr) fclose(signatureptr);
if(statedataptr) fclose(statedataptr);
/* verify a sign from a BB: assumed BBs cert is ecccert.bin */
if((bbcertptr = fopen("ecccert.bin", "r")) == 0){
fprintf(stderr,"cant open bb cert file \n");
exit(1);
}
fread((void *) &bbcert, sizeof(BbEccCert), 1, bbcertptr);
for(i=0; i< sizeof(BbEccPublicKey)/4; i++){
publickey[i] = ntohl(bbcert.publicKey[i]);
}
/* read in sign here */
/*
sig[0] = 0x0000007d;
sig[1] = 0x02675e5f;
sig[2] = 0xeffc1194;
sig[3] = 0x63171483;
sig[4] = 0x0563810f;
sig[5] = 0x485bbf56;
sig[6] = 0x125012c3;
sig[7] = 0x479864be;
sig[8] = 0x000000bb;
sig[9] = 0xb803f2e2;
sig[10] =0x780fcfd4;
sig[11] =0x10743ae7;
sig[12] =0xbe8c4be7;
sig[13] =0x9f89f2cb;
sig[14] =0xbf8bff96;
sig[15] =0x471db7f2;
*/
if((sigptr = fopen("ecc.sys.copy", "r")) == 0){
fprintf(stderr,"cant open bb sig file\n");
exit(1);
}
fread((void *) &sig, sizeof(BbEccSig), 1, sigptr);
for(i=0; i< sizeof(BbEccSig)/4; i++){
sig[i] = ntohl(sig[i]);
}
#define API_IDENTITY (0x00000001)
for(i=0; i< 5; i++){
hash_word[i] = *((u32 *)(hash_data + (4*i)));
printf("hash_word = %08x\n", hash_word[i]);
}
bsl_verify_ecc_sig(hash_word, sizeof(BbShaHash), publickey,
sig, &res, API_IDENTITY);
if(res != BSL_TRUE){
printf("Ecc sign verify FAIL\n");
}
else{
printf("Ecc sign verify PASS\n");
}
return 0;
}