Merge pull request #4 from IBM/dev_Robin

smcmahonibm · web-flow · commit 9bd0b9ca6edb · 2024-03-14T09:28:45.000+10:00
Dynamic Key Pair Creation and Hex Calculation
diff --git a/.github/workflows/.workflowTest.yml b/.github/workflows/.workflowTest.yml
@@ -28,6 +28,7 @@ jobs:
         run: |
           cd icc
           make OPSYS=AMD64_LINUX CONFIG=debug create_all
+          export LD_LIBRARY_PATH=/home/runner/work/OpenCryptographyKitC/OpenCryptographyKitC/openssl-1.1.1/
           make -k OPSYS=AMD64_LINUX CONFIG=debug all
           make -k OPSYS=AMD64_LINUX CONFIG=debug tests
           make -k OPSYS=AMD64_LINUX CONFIG=debug show_config
@@ -43,6 +44,7 @@ jobs:
         run: |
           cd icc
           make -k OPSYS=AMD64_LINUX CONFIG=release create_all
+          export LD_LIBRARY_PATH=/home/runner/work/OpenCryptographyKitC/OpenCryptographyKitC/openssl-1.1.1/
           make -k OPSYS=AMD64_LINUX CONFIG=release all
           make -k OPSYS=AMD64_LINUX CONFIG=release iccpkg
           make -k OPSYS=AMD64_LINUX CONFIG=release show_config
diff --git a/icc/Makefile b/icc/Makefile
@@ -429,7 +429,7 @@ tmp/tmp/dummyfile:  Build_OSSL_Complete tmp/dummyfile
 #- Split this into 2 phases for the OS/X fat binaries work - resolves circular dependencies
 # this is target for icclib085 shared library
 
-$(ICCDLL_NAME):  icclib$(OBJSUFX) $(LIBOBJS)  $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile  signer$(EXESUFX) tracer.h extsig.h
+$(ICCDLL_NAME): privkey.rsa icclib$(OBJSUFX) $(LIBOBJS)  $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile  signer$(EXESUFX) tracer.h extsig.h
 	$(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE)  icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \
 		tmp/tmp/*$(OBJSUFX)  $(LDLIBS)
 #- Unstripped goes into NOSHIP
@@ -590,6 +590,15 @@ nist_algs$(EXESUFX): nist_algs1$(OBJSUFX)
 #=============================== Code sign/verify    ==============================
 
 #- stand alone signing tool
+privkey.rsa:
+	$(ICC_ROOT)/openssl-1.1.1/apps/openssl genrsa -out privkey.rsa 2048
+
+pubkey.h: privkey.rsa
+	$(ICC_ROOT)/openssl-1.1.1/apps/openssl rsa -in privkey.rsa -outform DER -RSAPublicKey_out > rsa_pub_key.der
+	echo "/*This is an auto generated code please DO NOT modify*/" > pubkey.h
+	perl bin2hex.pl rsa_pub_key.der temp.h
+	cat temp.h >> pubkey.h
+	rm temp.h rsa_pub_key.der
 
 signer$(OBJSUFX): extsig.c
 	$(CC) -DSTANDALONE -DOPSYS=\"$(OPSYS)\" $(CFLAGS) -I$(OSSLINC_DIR) extsig.c $(OUT)$@
@@ -612,7 +621,7 @@ status$(OBJSUFX): status.c status.h icclib.h
 	$(CC) $(CFLAGS)  -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) status.c
 
 #- Build ICC FIPS code
-fips$(OBJSUFX): fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h 
+fips$(OBJSUFX): pubkey.h fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h 
 	$(CC) $(CFLAGS) -I./  -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) fips.c
 
 #- Compile the FIPS prng code
diff --git a/icc/bin2hex.pl b/icc/bin2hex.pl
@@ -0,0 +1,34 @@
+#/*****Note- This Script is coping the effect of xxd -i command**********/
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+if (@ARGV != 2) {
+    die "Usage: $0 input_binary_file output_text_file\n";
+}
+
+my ($input_file, $output_file) = @ARGV;
+my ($input_file_name) = $input_file =~ /^(.*?)\.[^.]*$/;
+
+open my $input_fh, '<:raw', $input_file or die "Cannot open input file '$input_file': $!\n";
+open my $output_fh, '>', $output_file or die "Cannot open output file '$output_file': $!\n";
+
+print $output_fh "static const unsigned char $input_file_name\[] = {\n\t";
+
+my $n = 0;
+while (read $input_fh, my $buffer, 1) {
+    my $hex_byte = unpack 'H2', $buffer;
+    if ($n > 0 ) {
+	print $output_fh ",";
+    }
+    if ($n > 0 && ($n % 16) == 0) {
+        print $output_fh "\n\t";
+    }
+    print $output_fh "0x", $hex_byte;
+    $n = $n + 1;
+}
+print $output_fh "\n};\n";
+print $output_fh "unsigned $input_file_name\_size = ", $n, ";\n";
+
+close $input_fh;
+close $output_fh;
diff --git a/icc/extsig.c b/icc/extsig.c
@@ -151,6 +151,7 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx,
                      const EVP_MD *md) {
   size_t len = 0;
   long amt = 0;
+  int rc = 0;
 
   if (NULL != fin) {
     if (0 == pos) {
@@ -159,7 +160,10 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx,
     }
     fseek(fin, 0, SEEK_SET);
     EVP_MD_CTX_cleanup(md_ctx);
-    EVP_DigestInit(md_ctx, md);
+    rc = EVP_DigestInit(md_ctx, md);
+    if (1 != rc) {
+       printf("HashCore:EVP_DigestInit failed %d\n", rc);
+    }
     /* Work out how much to read */
     while (pos > 0) {
       amt = sizeof(fbuf);
@@ -168,10 +172,14 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx,
       }
       len = fread(fbuf, 1, amt, fin);
       if (len > 0) {
-        EVP_DigestUpdate(md_ctx, fbuf, len);
+        rc = EVP_DigestUpdate(md_ctx, fbuf, len);
+        if (1 != rc) {
+           printf("HashCore:EVP_DigestUpdate failed %d\n", rc);
+        }
         pos -= (long)len;
       } else {
-        break;
+         printf("HashCore:fread failed\n");
+         break;
       }
     }
   }
@@ -622,12 +630,19 @@ static int GenSig(FILE *fin, unsigned char *sigout, EVP_PKEY *key, long pos) {
       HashCore(fin, pos, md_ctx, md);
       evpRC = EVP_SignFinal(md_ctx, sigout, &signL, key);
       if (1 != evpRC) {
-        signL = 0;
+         printf("GenSig: EVP_SignFinal error %d\n", evpRC);
+         signL = 0;
       }
       EVP_MD_CTX_free(md_ctx);
     }
+    else {
+       printf("GenSig: EVP error\n");
+    }
     fseek(fin, pos, SEEK_SET);
   }
+  else {
+     printf("GenSig: fin error\n");
+  }
   return (int)signL;
 }
 static void usage(char *pname, char *str) {
diff --git a/icc/fips.c b/icc/fips.c
@@ -22,6 +22,16 @@
 #include "TRNG/nist_algs.h"
 #include "tracer.h"
 
+/** @brief this is the public key that complements the private key */
+/* used to sign the modules within the cryptographic       */
+/* boundary at build time                                  */
+/* The private key at this time is stored in a file        */
+/* named icc/privkey.rsa                                   */
+/* \known Data: (rsa_pub_key) RSA public key used to verify
+    the ICC shared library signatures
+*/
+#include "pubkey.h"
+
 
 #if defined(_WIN32)
 #include <fcntl.h>
@@ -826,52 +836,6 @@ static const unsigned char cmac_ka[] = {
   0xbd,0x4b,0xf2,0x8d,0x8c,0x37,0xc3,0x5c
 };
 
-/** @brief this is the public key that complements the private key */
-/* used to sign the modules within the cryptographic       */
-/* boundary at build time                                  */
-/* The private key at this time is stored in a file        */
-/* named icc/privkey.rsa                                   */
-/** \known Data: (rsa_pub_key_DER) RSA public key used to verify
-    the ICC shared library signatures
-*/
-static const unsigned char rsa_pub_key_DER[] =
-  {
-    0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
-    0x00,0xD5,0x61,0x38,0x36,0x15,0x97,0xAD,
-    0xDC,0x6D,0x4D,0x44,0x8E,0x06,0x45,0x36,
-    0xB4,0x23,0x1A,0x69,0x82,0xD8,0xFE,0x9E,
-    0xF0,0x74,0x45,0x87,0xE1,0xE3,0x7F,0x58,
-    0x6D,0xA2,0x42,0xBB,0xAF,0xC6,0xC8,0x41,
-    0xBE,0xCA,0x50,0x1D,0x02,0x96,0xFC,0xAB,
-    0x66,0xDB,0xD5,0xE9,0x78,0x48,0x87,0x55,
-    0x68,0xF6,0x2B,0x7A,0xD3,0x18,0xDA,0xC7,
-    0x36,0xD0,0xD2,0x14,0xF8,0x93,0x2B,0x21,
-    0x5E,0x7A,0x95,0xAC,0xB6,0x76,0x9A,0xFE,
-    0x6C,0x31,0x4C,0x6D,0xC8,0xC7,0xDE,0x53,
-    0x53,0xB5,0x98,0x87,0x2F,0x9D,0x96,0x6B,
-    0x21,0xC0,0x83,0x6E,0xFC,0x13,0x39,0x28,
-    0x9B,0xBB,0x76,0xC7,0xF6,0x4E,0xDE,0x69,
-    0xCE,0xE0,0x4B,0x35,0x4D,0xC5,0xB9,0xE6,
-    0x96,0xDD,0xD1,0xB4,0x1C,0xE9,0xDC,0xE3,
-    0x7A,0x9C,0x74,0x19,0x71,0xCD,0xFE,0xF7,
-    0xEA,0x4E,0xC5,0x5E,0x7C,0xE7,0xA7,0xE7,
-    0x09,0x8C,0xB6,0xA8,0xC2,0x9F,0x1B,0xAE,
-    0x8C,0x22,0x08,0x05,0xF2,0xA4,0x53,0xA3,
-    0x03,0x83,0x4E,0x36,0x99,0x0D,0x86,0xC2,
-    0x00,0xE4,0xDF,0x82,0x29,0x88,0xA6,0x99,
-    0x1C,0x36,0x80,0xF5,0xD7,0x88,0x99,0x0A,
-    0x6F,0xB6,0x37,0xFF,0x99,0x87,0xF1,0x6C,
-    0x7B,0x3F,0x63,0x94,0x5A,0x42,0x56,0xF6,
-    0x34,0x80,0xC5,0x22,0x04,0x89,0x50,0x9F,
-    0x36,0x6A,0x58,0x49,0xB4,0xF0,0x65,0x01,
-    0xF8,0x69,0xD9,0x76,0x0E,0x9D,0x5F,0xAF,
-    0xB5,0xFE,0x0D,0xE0,0xF8,0x41,0xB6,0x80,
-    0xE5,0xA2,0x02,0xD0,0x8D,0xC6,0xAB,0xEE,
-    0xAE,0x53,0x8C,0xBC,0x1E,0x97,0x4F,0xEE,
-    0x9C,0xF3,0x47,0x08,0xDE,0x8C,0xB1,0xD8,
-    0x1B,0x02,0x03,0x01,0x00,0x01
-  };
-
 #if defined(KNOWN) 
 /** \known Data. OpenSSL curve name corresponding to NIST B-233  
     for binary field KAT
@@ -5099,14 +5063,14 @@ EVP_PKEY *get_pubkey(ICC_STATUS *stat) {
     SetStatusMem(NULL, stat, __FILE__, __LINE__);
   } else {
     const unsigned char *p1 = NULL;
-    p1 = (unsigned char *)rsa_pub_key_DER;
+    p1 = (unsigned char *)rsa_pub_key;
     /** \induced 157. Signature test, corrupt DER encoding
      */
     if (157 == icc_failure) {
       p1++;
     }
     rsaPKey = d2i_PublicKey(EVP_PKEY_RSA, &rsaPKey, (const unsigned char **)&p1,
-                            sizeof(rsa_pub_key_DER));
+                            sizeof(rsa_pub_key));
 
     /** \induced 153. iccSignature test. Couldn't convert embedded key to
        binary representation. This should never happen as if OpenSSL isn't
