cryptosystem_comparison.cc

/*
 * Copyright 2003 Michael A. Marsh, Cornell University. All rights reserved.
 * This software is released under the modified BSD license.
 * See the file LICENSE in the top-level directory for details.
 */
//
// $Id: cryptosystem_comparison.cc,v 1.5 2005/01/15 03:41:37 mmarsh Exp $
//
// $Log: cryptosystem_comparison.cc,v $
// Revision 1.5  2005/01/15 03:41:37  mmarsh
// Updated to work with more recent versions of g++.
//
// Revision 1.4  2004/05/19 15:56:46  mmarsh
// *** empty log message ***
//
// Revision 1.3  2003/11/04 22:07:35  mmarsh
// General code cleanup and reorganization.
//
//

#include <fstream>
#include <sstream>
#include <openssl/ssl.h>
#include <openssl/conf.h>
#include <unistd.h>

#include "CODEX_Ciphers/RSA.h"
#include "CODEX_Ciphers/RSAPlaintextPK.h"
#include "CODEX_Ciphers/VarRSA.h"
#include "CODEX_Ciphers/ElGamal.h"
#include "CODEX_Ciphers/SHA1HashFunction.h"
#include "CODEX_Server/ConfigurationExceptions.h"
#include "CODEX_Server/ServerState.h"
#include "CODEX_ThresholdCrypto/CombinatoricThresholdRSA.h"

#include "timing.h"

using namespace CODEX_Server;
using namespace std;

int main( int argc, char** argv )
{
#ifndef TIMING
   cerr << "Timing must be configured" << endl;
   return 1;
#else

   SSLeay_add_ssl_algorithms();

   int arg = 0;
   string fname;
   string config_section;
   string usage_string(
      "Usage: cryptosystem_comparison -c <config_file> [-s <section>]");
   while ( -1 != arg )
   {
      arg = getopt(argc,argv,"c:s:");
      switch(arg)
      {
         case 'c' :
            fname = optarg;
            break;
         case 's' :
            config_section = optarg;
            break;
         case ':' :
         case '?' :
            cerr << usage_string << endl;
            ::exit(1);
      }
   }
   if ( 0 == fname.size() )
   {
      cerr << usage_string << endl;
      ::exit(1);
   }

   unsigned int nerror = 0;
   try
   {
      CONF* conf = NCONF_new(NCONF_default());
      if ( 0 == NCONF_load(conf,fname.c_str(),0) )
      {
         throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                          __LINE__ ,
                                                          fname );
      }
      char* section = (char*) config_section.c_str();

      const unsigned int N = ServerState::nServers;
      const unsigned int T = 1 + ServerState::nFaults;

      long dummy;
      if ( ! NCONF_get_number_e(conf,section,"nhosts",&dummy) )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, "nhosts" );
      }
      if ( N != dummy )
      {
         throw BCBadValueException( __FILE__ , __LINE__ , fname, "nhosts" );
      }
      if ( ! NCONF_get_number_e(conf,section,"nfaults",&dummy) )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, "nfaults" );
      }
      if ( (T-1) != dummy )
      {
         throw BCBadValueException( __FILE__ , __LINE__ , fname, "nfaults" );
      }

      const char* pubKeyFile =
         NCONF_get_string(conf,section,"service_cert_file");
      if ( 0 == pubKeyFile )
      {
         throw BCBadValueException( __FILE__ , __LINE__ ,
                                    fname, "service_cert_file" );
      }
      CODEX_ASN1::Certificate cert;
      cert.fromPEMFile( pubKeyFile );
      CODEX_Ciphers::RSAPublicKey pubKey( cert.value() );

      const char* privKeyFile =
         NCONF_get_string(conf,section,"private_key_file");
      if ( 0 == privKeyFile )
      {
         throw BCBadValueException( __FILE__ , __LINE__ ,
                                    fname, "private_key_file" );
      }
      const char* privKeyPasswd =
         NCONF_get_string(conf,section,"private_key_passwd");
      CODEX_Ciphers::RSAPrivateKey privKey;
      privKey.fromPEMFile( privKeyFile, privKeyPasswd );

      const char* pubEGKeyFile =
         NCONF_get_string(conf,section,"public_eg_key_file");
      if ( 0 == pubEGKeyFile )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, "public_eg_key_file" );
      }
      const char* privEGKeyFile =
         NCONF_get_string(conf,section,"private_eg_key_file");
      if ( 0 == privEGKeyFile )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, "private_eg_key_file" );
      }

      CODEX_Server::SignedAugmentedEGPublicKey signedPubEGKey;
      ifstream is(pubEGKeyFile);
      if ( ! is.is_open() )
      {
         throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                          __LINE__ ,
                                                          pubEGKeyFile );
      }
      string s;
      char ch;
      while ( is.get(ch) )
      {
         s.push_back(ch);
      }
      //basic_string<unsigned char> s;
      //is >> s;
      unsigned int length = s.length();
      //unsigned char* p = (unsigned char*)s.data();
      unsigned char* p = new unsigned char[length];
      unsigned char* pOrig = p;
      for ( unsigned int i = 0 ; i < length ; ++i )
      {
         p[i] = s.data()[i];
      }
      if ( 0 == signedPubEGKey.unmarshal(0,&p,length) )
      {
         delete [] pOrig;
         throw PublicKeyNotFoundException( __FILE__ , __LINE__ );
      }
      delete [] pOrig;
      const CODEX_Ciphers::ElGamalPublicKey& pubEGKey =
         signedPubEGKey.key().key();
      CODEX_Ciphers::ElGamalPrivateKey privEGKey;
      privEGKey.fromFile( privEGKeyFile );

      typedef CODEX_VSS::ModExpFunctional                     OneWay;
      typedef CODEX_VSS::Combinatoric< N , T >                ShareType;
      typedef CODEX_VSS::LabeledShare< ShareType , OneWay >   LSType;
      typedef CODEX_VSS::SecretWitness< ShareType , OneWay >  WitnessType;

      const char* output_dir =
         NCONF_get_string(conf,section,"output_directory");
      if ( 0 == output_dir )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, "output_directory" );
      }

      WitnessType rsaWitness;
      ostringstream rwstr;
      rwstr << output_dir << "/rsa.witness\0";
      rsaWitness.fromFile( rwstr.str().c_str() );

      WitnessType egWitness;
      ostringstream ewstr;
      ewstr << output_dir << "/elgamal.witness\0";
      egWitness.fromFile( ewstr.str().c_str() );

      LSType rsaSharings[N];
      LSType elgamalSharings[N];
      for ( unsigned int i = 0 ; i < N ; ++i )
      {
         ostringstream rstr;
         rstr << output_dir << "/rsa." << i << ".shares" << '\0';
         rsaSharings[i].fromFile( rstr.str().c_str() );
         ostringstream estr;
         estr << output_dir << "/elgamal." << i << ".shares" << '\0';
         elgamalSharings[i].fromFile( estr.str().c_str() );
      }

      // Clean up CONF object.
      NCONF_free( conf );

      // Now that we have everything read in it's time to perform our tests.
      // We assume that the partial decryption for RSA uses a different
      // timer than the partial decryption for ElGamal.  This will only
      // be true during the testing, since it makes more sense for them
      // both to use the same timer, since only one will generally be
      // in use at one time.

      // For our earlier timing studies, the client used its private RSA
      // exponent.  Here we'll use the service's private RSA exponent.
      // There are two tests to do:
      //
      //  1) partial (blind) decryption in RSA vs ElGamal
      //  2) verifying Schnorr-signed ElGamal ciphertexts vs the Ohta-Okamoto
      //     RSA plaintext-knowledge proof

      // First we set up the plaintext, ciphertexts, proofs, etc.
      // The RSA public key will be used as the credentials.
      const CODEX_ASN1::SecureBigNumber& plaintext = privKey.d();
      const CODEX_Ciphers::HashFunction& hashFunc =
         ServerState::instance()->hashFunc();

      const BIGNUM * bmax = ( pubKey.n() > pubEGKey.p() ) ?
         pubEGKey.p().value() :
         pubKey.n().value();

      BIGNUM * r = 0;
      BIGNUM * b = 0;

      CODEX_Ciphers::VarRSAPublicKey         varRSAEncKey( pubKey );
      CODEX_Ciphers::VarRSACipherText*       rsaEncryption      = 0;
      CODEX_Ciphers::RSAPlaintextPK*         rsaProof           = 0;
      CODEX_Ciphers::RSACipherText*          rsaBlindingCipher  = 0;
      CODEX_Ciphers::VarRSABlindCipherText*  rsaBlindEncryption = 0;

      CODEX_Ciphers::ElGamalSchnorrCipherText*  egEncryption      = 0;
      CODEX_Ciphers::ElGamalSchnorrCipherText*  egBlindingCipher  = 0;
      CODEX_Ciphers::ElGamalCipherText*         egBlindEncryption = 0;

      try
      {
         r = BN_new();
         if ( 0 == r )
         {
            throw CODEX_Exceptions::BignumNullException( __FILE__ , __LINE__ );
         }
         rsaEncryption =
            varRSAEncKey.encrypt( plaintext.value(), hashFunc, r );
         rsaProof =
            new CODEX_Ciphers::RSAPlaintextPK( r, pubKey, pubKey, hashFunc );
         r = 0;

         egEncryption =
            pubEGKey.encryptS( plaintext.value(), pubKey, hashFunc );
      }
      catch ( ... )
      {
         if ( 0 != r ) BN_clear_free(r);
         if ( 0 != rsaEncryption ) delete rsaEncryption;
         if ( 0 != rsaProof ) delete rsaProof;
         if ( 0 != egEncryption ) delete egEncryption;
         throw;
      }

      CODEX_ThresholdCrypto::ThresholdVarRSACrypto< ShareType >
         tRSA( pubKey.n() );
      CODEX_ThresholdCrypto::ThresholdElGamalCrypto< ShareType >
         tEG( pubEGKey.p() );

      ShareType rsaDecShares;
      ShareType egDecShares;

      // Now we loop...
      for ( unsigned int i = 0 ; i < 100000 ; ++i )
      {
         if ( 0 == i%1000 )
         {
            PartialDecTimer.print(cout);
            PartialRSADecTimer.print(cout);
            SchnorrTimer.print(cout);
            RSAPPKTimer.print(cout);

            PartialDecTimer.clear();
            PartialRSADecTimer.clear();
            SchnorrTimer.clear();
            RSAPPKTimer.clear();
         }
         try
         {
            // Verify the proofs
            if ( ! egEncryption->verify( pubEGKey.g(),
                                         pubEGKey.p(),
                                         pubKey,
                                         hashFunc ) )
            {
               cerr << "Failed to verify Schnorr proof!" << endl;
               return 1;
            }
            if ( ! rsaProof->verify( rsaEncryption->c1(),
                                     pubKey,
                                     pubKey,
                                     hashFunc ) )
            {
               cerr << "Failed to verify RSA proof!" << endl;
               return 1;
            }

            // Set up blinding
            b = BN_new();
            if ( 0 == b )
            {
               throw CODEX_Exceptions::BignumNullException( __FILE__ ,
                                                            __LINE__ );
            }
            if ( ! BN_rand_range( b, (BIGNUM*)bmax ) )
            {
               throw CODEX_Exceptions::BignumRandRangeException( __FILE__ ,
                                                                 __LINE__ );
            }
            rsaBlindingCipher = pubKey.encrypt( b );
            egBlindingCipher = pubEGKey.encryptS( b, pubKey, hashFunc );
            BN_clear_free( b );
            b = 0;

            // Blind ciphertexts
            rsaBlindEncryption =
               rsaEncryption->blind( *rsaBlindingCipher, pubKey.n() );
            egBlindEncryption =
               egEncryption->blind( *egBlindingCipher, pubEGKey.p() );

            // Perform partial decryptions
            tRSA.decrypt( rsaSharings[0].share(),
                          *rsaBlindEncryption,
                          rsaDecShares );
            tEG.decrypt( elgamalSharings[0].share(),
                         *egBlindEncryption,
                         egDecShares );

            delete rsaBlindingCipher;
            delete egBlindingCipher;
            delete rsaBlindEncryption;
            delete egBlindEncryption;
         }
         catch ( ... )
         {
            if ( 0 != b ) BN_clear_free(b);
            if ( 0 != rsaBlindingCipher ) delete rsaBlindingCipher;
            if ( 0 != egBlindingCipher ) delete egBlindingCipher;
            if ( 0 != rsaBlindEncryption ) delete rsaBlindEncryption;
            if ( 0 != egBlindEncryption ) delete egBlindEncryption;
            throw;
         }
      }

      delete rsaEncryption;
      delete rsaProof;
      delete egEncryption;

   }
   catch ( CODEX_Exceptions::ExceptionBase& e )
   {
      e.report();
      return 1;
   }

   PartialDecTimer.print(cout);
   PartialRSADecTimer.print(cout);
   SchnorrTimer.print(cout);
   RSAPPKTimer.print(cout);

   return 0;
#endif
}

---