From 8934e10e139d45e5bc9b6874b3c630461d55607c Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 11 Jun 2015 18:21:50 -0400
Subject: Debug modexp_fp() buffer handling.  Add basic timing report.
 Compensate for PyCrypto's weird inversion of p and q when calculating CRT
 coefficients, and add key the key components PyCrypto doesn't bother
 pre-calculating to our test data.

---
 tests/test-rsa.py | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

(limited to 'tests/test-rsa.py')

diff --git a/tests/test-rsa.py b/tests/test-rsa.py
index 3824276..8f3f8b5 100644
--- a/tests/test-rsa.py
+++ b/tests/test-rsa.py
@@ -36,7 +36,7 @@ from argparse                           import ArgumentParser, FileType
 from Crypto                             import __version__ as PyCryptoVersion
 from Crypto.PublicKey                   import RSA
 from Crypto.Hash                        import SHA256
-from Crypto.Util.number                 import long_to_bytes
+from Crypto.Util.number                 import long_to_bytes, inverse
 from Crypto.Signature.PKCS1_v1_5        import EMSA_PKCS1_V1_5_ENCODE, PKCS115_SigScheme
 from textwrap                           import TextWrapper
 import sys, os.path
@@ -101,6 +101,8 @@ printlines("/*",
            plaintext  = plaintext,
            digest     = h.hexdigest())
 
+fields = ("n", "e", "d", "p", "q", "dP", "dQ", "u", "m", "s")
+
 for k_len in args.key_lengths:
 
   k = RSA.generate(k_len)       # Cryptlib insists u < p, probably with good reason,
@@ -123,14 +125,29 @@ for k_len in args.key_lengths:
              "*/", "",
              k_len = k_len, pkcs  = args.pkcs_encoding)
 
-  for component in k.keydata:
-    print_hex("%s_%d" % (component, k_len),
-              long_to_bytes(getattr(k, component), blocksize = blocksize),
-              "key component %s" % component)
+  # PyCrypto doesn't precalculate dP or dQ, and for some reason it
+  # does u backwards (uses (1/p % q) and swaps the roles of p and q in
+  # the CRT calculation to compensate), so we just calculate our own.
+
+  for name in fields:
+    if name in "ms":
+      continue
+    elif name == "dP":
+      value = k.d % (k.p - 1)
+    elif name == "dQ":
+      value = k.d % (k.q - 1)
+    elif name == "u":
+      value = inverse(k.q, k.p)
+    else:
+      value = getattr(k, name)
+
+    print_hex("%s_%d" % (name, k_len),
+              long_to_bytes(value, blocksize = blocksize),
+              "key component %s" % name)
+
   print_hex("m_%d" % k_len, pad_to_blocksize(m, blocksize), "message to be signed")
   print_hex("s_%d" % k_len, pad_to_blocksize(s, blocksize), "signed message")
 
-fields = "nedpqums"
 printlines("typedef struct { const uint8_t *val; size_t len; } rsa_tc_bn_t;",
            "typedef struct { size_t size; rsa_tc_bn_t %(fields)s; } rsa_tc_t;",
            "",
-- 
cgit v1.2.3