/* This program is released under the Common Public License V1.0
*
* You should have received a copy of Common Public License V1.0 along with
* with this program.
*
* Copyright IBM Corp. 2016
*
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <ica_api.h>
#define RSA_KEY_SIZE_BITS 2048
#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE_BITS + 7) / 8
#define RSA_DATA_SIZE_BYTES RSA_KEY_SIZE_BYTES
/* This is the plain data, you want to encrypt. For the
* encryption mode used in this example, it is necessary,
* that the length of the encrypted data is less or eqal
* to the RSA key length in bytes.
*/
unsigned char message[] = {
0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x6c, 0x69,
0x62, 0x69, 0x63, 0x61, 0x20, 0x69, 0x73, 0x20,
0x73, 0x6d, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e,
0x64, 0x20, 0x65, 0x61, 0x73, 0x79, 0x21, 0x00,
};
/* Prints hex values to standard out. */
static void dump_data(unsigned char *data, unsigned long length);
/* Prints a description of the return value to standard out. */
static int handle_ica_error(int rc);
int main(int argc, char **argv)
{
int rc;
/* This is the RSA public/private key pair. We use libica function
* ica_rsa_key_generate_crt to generate it.
*/
ica_rsa_key_mod_expo_t public_key;
ica_rsa_key_crt_t private_key;
unsigned char public_modulus[RSA_KEY_SIZE_BYTES];
unsigned char public_exponent[RSA_KEY_SIZE_BYTES];
unsigned char private_p[RSA_KEY_SIZE_BYTES];
unsigned char private_q[RSA_KEY_SIZE_BYTES];
unsigned char private_dp[RSA_KEY_SIZE_BYTES];
unsigned char private_dq[RSA_KEY_SIZE_BYTES];
unsigned char private_qInverse[RSA_KEY_SIZE_BYTES];
unsigned char plain_data[RSA_DATA_SIZE_BYTES];
unsigned char cipher_data[RSA_DATA_SIZE_BYTES];
unsigned char decrypt_data[RSA_DATA_SIZE_BYTES];
/* This is the adapter handle */
ica_adapter_handle_t handle;
/* Open the adapter */
rc = ica_open_adapter(&handle);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
if (handle == DRIVER_NOT_LOADED)
return handle_ica_error(-1);
/* Setup the public_key and private_key structures */
public_key.key_length = RSA_KEY_SIZE_BYTES;
public_key.modulus = public_modulus;
public_key.exponent = public_exponent;
private_key.key_length = RSA_KEY_SIZE_BYTES;
private_key.p = private_p;
private_key.q = private_q;
private_key.dp = private_dp;
private_key.dq = private_dq;
private_key.qInverse = private_qInverse;
/* Zero the key fields
Note: If the exponent element in the public key is not set,
(i.e. all zero) it is randomly generated.*/
memset(public_modulus, 0, sizeof(public_modulus));
memset(public_exponent, 0, sizeof(public_exponent));
memset(private_p, 0, sizeof(private_p));
memset(private_q, 0, sizeof(private_q));
memset(private_dp, 0, sizeof(private_dp));
memset(private_dq, 0, sizeof(private_dq));
memset(private_qInverse, 0, sizeof(private_qInverse));
/* Generate a key for RSA */
rc = ica_rsa_key_generate_crt(handle,
RSA_KEY_SIZE_BITS,
&public_key, &private_key);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
printf("Public modulus:\n");
dump_data(public_modulus, sizeof(public_modulus));
printf("Public exponent:\n");
dump_data(public_exponent, sizeof(public_exponent));
printf("Private p:\n");
dump_data(private_p, sizeof(private_p));
printf("Private q:\n");
dump_data(private_q, sizeof(private_q));
printf("Private dp:\n");
dump_data(private_dp, sizeof(private_dp));
printf("Private dq:\n");
dump_data(private_dq, sizeof(private_dq));
printf("Private qInverse:\n");
dump_data(private_qInverse, sizeof(private_qInverse));
/* Left allign the message data into the plain_data buffer
* and padd it to the right with zeros.
* Note: In real life you would perform propper padding of
* the data. In this example we simply left pad the data
* with binary zeros.
*/
memset(plain_data, 0, sizeof(plain_data));
memcpy(plain_data + sizeof(plain_data)-sizeof(message),
message, sizeof(message));
/* Dump plain data to standard output, just for
* a visual control.
*/
printf("plain data:\n");
dump_data(plain_data, sizeof(plain_data));
/* Encrypt the plain data to cipher data, using the public key. */
rc = ica_rsa_mod_expo(handle, plain_data,
&public_key, cipher_data);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump encrypted data. */
printf("encrypted data:\n");
dump_data(cipher_data, sizeof(plain_data));
/* Decrypt cipher data to dercrypt data, using the private key. */
rc = ica_rsa_crt(handle, cipher_data,
&private_key, decrypt_data);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump decrypted data.
* Note: Please compare output with the plain data, they are the same.
*/
printf("decrypted data:\n");
dump_data(decrypt_data, sizeof(plain_data));
/* In our example, the data is right alligned in the buffer, padded with
* zeros to the left. Find first non zero byte which is the start of the
* original data.
* Note: In real life the data would be properly padded and thus would
* have to be unpadded first.
*/
unsigned char *c;
for(c=decrypt_data;
c<decrypt_data+sizeof(plain_data) && *c==0x00;
c++);
/* Surprise... :-)
* Note: The following will only work in this example!
*/
printf("%s\n", c);
/* Close the adapter */
rc = ica_close_adapter(handle);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
}
static void dump_data(unsigned char *data, unsigned long length)
{
unsigned char *ptr;
int i;
for (ptr = data, i = 1; ptr < (data+length); ptr++, i++) {
printf("0x%02x ", *ptr);
if ((i % 16) == 0)
printf("\n");
}
if (i % 16)
printf("\n");
}
static int handle_ica_error(int rc)
{
switch (rc) {
case 0:
printf("OK\n");
break;
case EINVAL:
printf("Incorrect parameter.\n");
break;
case EPERM:
printf("Operation not permitted by Hardware (CPACF).\n");
break;
case EIO:
printf("I/O error.\n");
break;
case -1:
printf("Driver not loaded\n");
break;
default:
printf("unknown error.\n");
}
return rc;
}