From 34e1a27cb166729ae8b9158b0ae002b33dd422a1 Mon Sep 17 00:00:00 2001 From: Alex Shinn Date: Mon, 23 Jun 2014 00:08:19 +0900 Subject: [PATCH] Separating rsa-verify and rsa-verify?. Uploading snow packages with pkcs1 padding. --- lib/chibi/crypto/rsa.scm | 18 +++++++++++------- lib/chibi/crypto/rsa.sld | 8 +++++--- lib/chibi/snow/commands.scm | 20 +++++++++----------- tests/rsa-tests.scm | 27 ++++++++++++++++++++++++++- 4 files changed, 51 insertions(+), 22 deletions(-) diff --git a/lib/chibi/crypto/rsa.scm b/lib/chibi/crypto/rsa.scm index 0f923b75..98527580 100644 --- a/lib/chibi/crypto/rsa.scm +++ b/lib/chibi/crypto/rsa.scm @@ -58,7 +58,7 @@ (define (rsa-encrypt-integer pub-key msg) (if (>= msg (rsa-key-n pub-key)) - (error "message larger than modulus")) + (error "message larger than modulus" msg (rsa-key-n pub-key))) (modular-expt msg (rsa-key-e pub-key) (rsa-key-n pub-key))) (define (rsa-decrypt-integer priv-key cipher) @@ -66,9 +66,9 @@ (error "cipher larger than modulus")) (modular-expt cipher (rsa-key-d priv-key) (rsa-key-n priv-key))) -;; Arbitrary messages are encrypted by converting padded bytevectors +;; Arbitrary messages are encrypted by converting encoded bytevectors ;; to and from integers. -;; TODO: user better padding +;; TODO: user emsa-pss encoding (define (convert-plain f key msg) (cond 
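Review bot: Passing `msg` as an irritant in `rsa-encrypt-integer` puts the integer being encrypted into the error object, so any handler or log that prints the condition will show the plaintext (or padded plaintext) value. The modulus is public and is enough to diagnose the failure: `(error "message larger than modulus" (rsa-key-n pub-key))`, or report only the two bit lengths. `rsa-decrypt-integer` just below keeps its bare `(error "cipher larger than modulus")`, so the two range checks now report differently as well.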
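Review bot: The TODO above `convert-plain` still carries the typo `user`, and it names only a signature encoding while the comment before it talks about encrypting messages. EMSA-PSS applies to signing; the counterpart for encryption is OAEP. If `convert-plain` backs both operations, as the sign path in the next hunk suggests, I would write `;; TODO: use EMSA-PSS encoding for signatures and OAEP for encryption`. `convert-plain` continues past the end of the hunk.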
@@ -115,10 +115,14 @@ (error "can't sign without a private key" priv-key) (convert-plain rsa-decrypt-integer priv-key msg))) +;;> Returns the verified (decrypted) message for the signature \var{sig}. +(define (rsa-verify pub-key sig) + (if (not (rsa-key-e pub-key)) + (error "can't verify without a public key" pub-key) + (convert-cipher rsa-encrypt-integer pub-key sig))) + ;;> Returns true iff \var{sig} is a valid signature of \var{msg} for ;;> the given public key \var{pub-key}. (define (rsa-verify? pub-key msg sig) - (if (not (rsa-key-e pub-key)) - (error "can't verify without a public key" pub-key) - (equal? (if (string? msg) (string->utf8 msg) msg) - (convert-cipher rsa-encrypt-integer pub-key sig)))) + (equal? (if (string? msg) (string->utf8 msg) msg) + (rsa-verify pub-key sig))) diff --git a/lib/chibi/crypto/rsa.sld b/lib/chibi/crypto/rsa.sld index 95382796..484c6170 100644 --- a/lib/chibi/crypto/rsa.sld +++ b/lib/chibi/crypto/rsa.sld @@ -1,7 +1,9 @@ (define-library (chibi crypto rsa) - (import (scheme base) (srfi 33) (chibi bytevector) (chibi math prime)) + (import (scheme base) (srfi 27) (srfi 33) + (chibi bytevector) (chibi math prime)) (export make-rsa-key rsa-key-gen rsa-key-gen-from-primes rsa-pub-key - rsa-encrypt rsa-decrypt rsa-sign rsa-verify? - rsa-key? rsa-key-bits rsa-key-n rsa-key-e rsa-key-d) + rsa-encrypt rsa-decrypt rsa-sign rsa-verify rsa-verify? + rsa-key? rsa-key-bits rsa-key-n rsa-key-e rsa-key-d + pkcs1-pad pkcs1-unpad) (include "rsa.scm")) diff --git a/lib/chibi/snow/commands.scm b/lib/chibi/snow/commands.scm index 8368f7e7..f24d5b84 100644 --- a/lib/chibi/snow/commands.scm +++ b/lib/chibi/snow/commands.scm 
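Review bot: The doc line on `rsa-verify` calls its result the "verified" message, but the procedure performs no check. It applies the public-key operation and returns whatever bytes come out, and the caller has to compare them. The comment should say so, e.g. `;;> Returns the message recovered from \var{sig}; this is not a validity check, compare the result with the expected message or use rsa-verify?.` Separately, `rsa-verify?` can raise rather than return #f on a malformed signature. `rsa-encrypt-integer` signals "message larger than modulus" when the signature integer is not below n, and `convert-cipher` (not visible here) may signal on bad padding. For a predicate that is fed untrusted signatures, that behaviour should be documented or mapped to #f.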
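Review bot: `(srfi 27)` is added to the imports, but none of the rsa.scm hunks in this patch calls a random procedure. `pkcs1-pad`/`pkcs1-unpad` are likewise exported without being defined in any visible hunk, so presumably both are already in rsa.scm. If SRFI 27 feeds key generation or padding, note that its `default-random-source` is not specified to be cryptographically strong. A comment beside the import would help, e.g. `;; (srfi 27) is used for <purpose>; default-random-source is not a CSPRNG`.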
@@ -496,11 +496,12 @@ ,(rsa-key-n rsa-key) #f ,(rsa-key-d rsa-key)) - ,(hex-string->integer digest)) + ;;,(hex-string->integer digest) + ,(hex-string->bytevector digest)) '((chibi crypto rsa)))) - (hex-sig (integer->hex-string sig))) - (if (not (equal? sig (hex-string->integer hex-sig))) - (error "hex-string conversion invalid" sig hex-sig)) + (hex-sig (if (bytevector? sig) + (bytevector->hex-string sig) + (integer->hex-string sig)))) `(signature (email ,email) (digest ,digest-name) @@ -531,14 +532,11 @@ (find (rsa-identity=? email) keys)) (car keys))) (rsa-key (extract-rsa-public-key rsa-key-sexp)) - (cipher (rsa-encrypt rsa-key (hex-string->integer sig)))) - ;; (rsa-verify? rsa-key - ;; (hex-string->integer digest) - ;; (hex-string->integer sig)) - (if (equal? cipher (hex-string->integer digest)) + (cipher (rsa-verify rsa-key (hex-string->bytevector sig))) + (digest-bv (hex-string->bytevector digest))) + (if (equal? cipher digest-bv) (show #t "signature valid " nl) - (show #t "signature invalid " - cipher " " (hex-string->integer digest) nl)))) + (show #t "signature invalid " cipher " != " digest-bv nl)))) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Upload - upload a package. diff --git a/tests/rsa-tests.scm b/tests/rsa-tests.scm index d4d7802b..7d98cf81 100644 --- a/tests/rsa-tests.scm +++ b/tests/rsa-tests.scm @@ -1,5 +1,8 @@ -(import (scheme base) (scheme write) (chibi crypto rsa) (chibi test)) +(import (scheme base) + (chibi crypto rsa) + (chibi crypto sha2) + (chibi test)) (test-begin "rsa") 
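Review bot: The signed payload is the bare digest bytes, while the algorithm name travels in the separate `(digest ,digest-name)` field of the `signature` form. As far as this hunk shows, nothing in the signature itself binds it to a hash algorithm; the PKCS #1 v1.5 signature encoding does this with a DigestInfo prefix. Whether that matters depends on how the verifier chooses the digest, which is outside the hunk. Also drop the commented-out `;;,(hex-string->integer digest)` rather than leaving it inside the quasiquoted form. Settling on one return type for `sig` would remove the need for the `(if (bytevector? sig) ...)` fallback to `integer->hex-string`. The enclosing definition starts and ends outside the hunk.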
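Review bot: The comparison in the second commands.scm hunk re-implements `rsa-verify?`; `(rsa-verify? rsa-key digest-bv (hex-string->bytevector sig))` would keep the check in one place. The binding `cipher` now holds the recovered digest, not a ciphertext, so a name like `recovered` reads better. A malformed signature field (bad hex, or a value not below the modulus) will presumably raise from `hex-string->bytevector` or `rsa-verify` instead of reaching the "signature invalid" branch. The outcome is also only printed with `show`, so from what is visible a caller cannot act on a failed verification. The enclosing definition begins before the hunk.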
@@ -53,4 +56,26 @@ ;; (test-key (rsa-key-gen 512)) ; 4s ;; (test-key (rsa-key-gen 1024)) ; 92s +;; padding + +(test #u8(8 8 8 8 8 8 8 8) (pkcs1-pad #u8())) +(test #u8(1 7 7 7 7 7 7 7) (pkcs1-pad #u8(1))) +(test #u8(1 2 6 6 6 6 6 6) (pkcs1-pad #u8(1 2))) +(test #u8(1 2 3 5 5 5 5 5) (pkcs1-pad #u8(1 2 3))) +(test #u8(1 2 3 4 4 4 4 4) (pkcs1-pad #u8(1 2 3 4))) +(test #u8(1 2 3 4 5 3 3 3) (pkcs1-pad #u8(1 2 3 4 5))) +(test #u8(1 2 3 4 5 6 2 2) (pkcs1-pad #u8(1 2 3 4 5 6))) +(test #u8(1 2 3 4 5 6 7 1) (pkcs1-pad #u8(1 2 3 4 5 6 7))) +(test #u8(1 2 3 4 5 6 7 8 8 8 8 8 8 8 8 8) (pkcs1-pad #u8(1 2 3 4 5 6 7 8))) + +(test #u8() (pkcs1-unpad #u8(8 8 8 8 8 8 8 8))) +(test #u8(1) (pkcs1-unpad #u8(1 7 7 7 7 7 7 7))) +(test #u8(1 2) (pkcs1-unpad #u8(1 2 6 6 6 6 6 6))) +(test #u8(1 2 3) (pkcs1-unpad #u8(1 2 3 5 5 5 5 5))) +(test #u8(1 2 3 4) (pkcs1-unpad #u8(1 2 3 4 4 4 4 4))) +(test #u8(1 2 3 4 5) (pkcs1-unpad #u8(1 2 3 4 5 3 3 3))) +(test #u8(1 2 3 4 5 6) (pkcs1-unpad #u8(1 2 3 4 5 6 2 2))) +(test #u8(1 2 3 4 5 6 7) (pkcs1-unpad #u8(1 2 3 4 5 6 7 1))) +(test #u8(1 2 3 4 5 6 7 8) (pkcs1-unpad #u8(1 2 3 4 5 6 7 8 8 8 8 8 8 8 8 8))) + (test-end)
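Review bot: The expected values show `pkcs1-pad` filling to a multiple of 8 bytes with bytes equal to the pad length. That is PKCS #7 / PKCS #5 style block padding, not the PKCS #1 v1.5 encoding the name suggests (`00 01 FF.. 00` for signatures, `00 02 <random> 00` for encryption). Either rename it or add a comment such as `;; note: pkcs1-pad is PKCS#7-style block padding, not EME/EMSA-PKCS1-v1_5`. The tests cover only well-formed input. `pkcs1-unpad` should also be exercised on malformed input to pin down whether it raises or returns a value, since it runs on bytes recovered from untrusted signatures; constructed examples are `#u8(1 2 3 4 5 6 7 0)`, `#u8(1 2 3 4 5 6 7 9)` and `#u8()`. There is also no test in this hunk for the newly exported `rsa-verify`.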