annotate rsa.c @ 1526:36ab6b091ad3

limit rsa->e size to 64 bits
author Matt Johnston <matt@ucc.asn.au>
date Sat, 17 Feb 2018 19:41:44 +0800
parents 06d52bcb8094
children bb8eaa26bc93
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 /* Perform RSA operations on data, including reading keys, signing and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 * verification.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 * The format is specified in rfc2437, Applied Cryptography or The Handbook of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 * Applied Cryptography detail the general algorithm. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "rsa.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #include "ssh.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
37 #include "dbrandom.h"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
39 #if DROPBEAR_RSA
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
41 static void rsa_pad_em(const dropbear_rsa_key * key,
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
42 const buffer *data_buf, mp_int * rsa_em);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 /* Load a public rsa key from a buffer, initialising the values.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 * The key will have the same format as buf_put_rsa_key.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 * These should be freed with rsa_key_free.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 378
diff changeset
48 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
50 int ret = DROPBEAR_FAILURE;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
51 TRACE(("enter buf_get_rsa_pub_key"))
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
52 dropbear_assert(key != NULL);
805
724c3e0c8734 Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
53 m_mp_alloc_init_multi(&key->e, &key->n, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 key->d = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 key->p = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 key->q = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
62 TRACE(("leave buf_get_rsa_pub_key: failure"))
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
63 goto out;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
67 dropbear_log(LOG_WARNING, "RSA key too short");
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
68 goto out;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70
1526
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
71 /* 64 bit is limit used by openssl, so we won't block any keys in the wild */
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
72 if (mp_count_bits(key->e) > 64) {
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
73 dropbear_log(LOG_WARNING, "RSA key bad e");
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
74 goto out;
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
75 }
36ab6b091ad3 limit rsa->e size to 64 bits
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
76
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
77 TRACE(("leave buf_get_rsa_pub_key: success"))
1249
c6346c63281b refactor indentation with hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1123
diff changeset
78 ret = DROPBEAR_SUCCESS;
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
79 out:
1249
c6346c63281b refactor indentation with hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1123
diff changeset
80 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1402
diff changeset
81 m_mp_free_multi(&key->e, &key->n, NULL);
1249
c6346c63281b refactor indentation with hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1123
diff changeset
82 }
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
83 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
86 /* Same as buf_get_rsa_pub_key, but reads private bits at the end.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 * Loads a private rsa key from a buffer
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 378
diff changeset
89 int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
90 int ret = DROPBEAR_FAILURE;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
91
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
92 TRACE(("enter buf_get_rsa_priv_key"))
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
93 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
95 if (buf_get_rsa_pub_key(buf, key) == DROPBEAR_FAILURE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
96 TRACE(("leave buf_get_rsa_priv_key: pub: ret == DROPBEAR_FAILURE"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 }
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
99
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
100 key->d = NULL;
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
101 key->p = NULL;
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
102 key->q = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 805
diff changeset
104 m_mp_alloc_init_multi(&key->d, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
106 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
107 goto out;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110 if (buf->pos == buf->len) {
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
111 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112 } else {
805
724c3e0c8734 Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
113 m_mp_alloc_init_multi(&key->p, &key->q, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
116 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
117 goto out;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
121 TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE"))
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
122 goto out;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
126 ret = DROPBEAR_SUCCESS;
370
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
127 out:
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
128 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1402
diff changeset
129 m_mp_free_multi(&key->d, &key->p, &key->q, NULL);
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
130 }
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
131 TRACE(("leave buf_get_rsa_priv_key"))
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1249
diff changeset
132 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
134
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136 /* Clear and free the memory used by a public or private key */
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 378
diff changeset
137 void rsa_key_free(dropbear_rsa_key *key) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
139 TRACE2(("enter rsa_key_free"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 if (key == NULL) {
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
142 TRACE2(("leave rsa_key_free: key == NULL"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 return;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144 }
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1402
diff changeset
145 m_mp_free_multi(&key->d, &key->e, &key->p, &key->q, &key->n, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 m_free(key);
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
147 TRACE2(("leave rsa_key_free"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 /* Put the public rsa key into the buffer in the required format:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152 * string "ssh-rsa"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153 * mp_int e
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 * mp_int n
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
156 void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
158 TRACE(("enter buf_put_rsa_pub_key"))
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
159 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160
1123
d7b752525b91 buf_getstring and buf_putstring now use non-unsigned char*
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
161 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 buf_putmpint(buf, key->e);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 buf_putmpint(buf, key->n);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
165 TRACE(("leave buf_put_rsa_pub_key"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
170 void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
172 TRACE(("enter buf_put_rsa_priv_key"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
174 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 buf_put_rsa_pub_key(buf, key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 buf_putmpint(buf, key->d);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 /* new versions have p and q, old versions don't */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179 if (key->p) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 buf_putmpint(buf, key->p);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 if (key->q) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183 buf_putmpint(buf, key->q);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
187 TRACE(("leave buf_put_rsa_priv_key"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
191 #if DROPBEAR_SIGNKEY_VERIFY
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 /* Verify a signature in buf, made on data by the key given.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
194 int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 unsigned int slen;
84
29a5c7c62350 default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
196 DEF_MP_INT(rsa_s);
29a5c7c62350 default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
197 DEF_MP_INT(rsa_mdash);
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
198 DEF_MP_INT(rsa_em);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 int ret = DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
201 TRACE(("enter buf_rsa_verify"))
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
202
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
203 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
205 m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
206
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207 slen = buf_getint(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
208 if (slen != (unsigned int)mp_unsigned_bin_size(key->n)) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
209 TRACE(("bad size"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 if (mp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 buf->len - buf->pos) != MP_OKAY) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
215 TRACE(("failed reading rsa_s"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 /* check that s <= n-1 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 if (mp_cmp(&rsa_s, key->n) != MP_LT) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
221 TRACE(("s > n-1"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 /* create the magic PKCS padded value */
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
226 rsa_pad_em(key, data_buf, &rsa_em);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
229 TRACE(("failed exptmod rsa_s"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
233 if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
234 /* signature is valid */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
235 TRACE(("success!"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
236 ret = DROPBEAR_SUCCESS;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
237 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
238
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
239 out:
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
240 mp_clear_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
241 TRACE(("leave buf_rsa_verify: ret %d", ret))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
242 return ret;
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
243 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
245 #endif /* DROPBEAR_SIGNKEY_VERIFY */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
246
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247 /* Sign the data presented with key, writing the signature contents
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
248 * to the buffer */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
249 void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
250 unsigned int nsize, ssize;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
251 unsigned int i;
84
29a5c7c62350 default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
252 DEF_MP_INT(rsa_s);
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
253 DEF_MP_INT(rsa_tmp1);
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
254 DEF_MP_INT(rsa_tmp2);
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
255 DEF_MP_INT(rsa_tmp3);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
256
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
257 TRACE(("enter buf_put_rsa_sign"))
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
258 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
259
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
260 m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
261
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
262 rsa_pad_em(key, data_buf, &rsa_tmp1);
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
263
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
264 /* the actual signing of the padded data */
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
265
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
266 #if DROPBEAR_RSA_BLINDING
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
267
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
268 /* With blinding, s = (r^(-1))((em)*r^e)^d mod n */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
269
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
270 /* generate the r blinding value */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
271 /* rsa_tmp2 is r */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
272 gen_random_mpint(key->n, &rsa_tmp2);
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
273
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
274 /* rsa_tmp1 is em */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
275 /* em' = em * r^e mod n */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
276
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
277 /* rsa_s used as a temp var*/
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
278 if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
279 dropbear_exit("RSA error");
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
280 }
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
281 if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
282 dropbear_exit("RSA error");
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
283 }
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
284 if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
285 dropbear_exit("RSA error");
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
286 }
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
287
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
288 /* rsa_tmp2 is em' */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
289 /* s' = (em')^d mod n */
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
290 if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
291 dropbear_exit("RSA error");
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
292 }
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
293
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
294 /* rsa_tmp1 is s' */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
295 /* rsa_tmp3 is r^(-1) mod n */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
296 /* s = (s')r^(-1) mod n */
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
297 if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
298 dropbear_exit("RSA error");
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 276
diff changeset
299 }
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
300
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
301 #else
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
302
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
303 /* s = em^d mod n */
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
304 /* rsa_tmp1 is em */
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
305 if (mp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
306 dropbear_exit("RSA error");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
307 }
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
308
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
309 #endif /* DROPBEAR_RSA_BLINDING */
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
310
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
311 mp_clear_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
312
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
313 /* create the signature to return */
1123
d7b752525b91 buf_getstring and buf_putstring now use non-unsigned char*
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
314 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
315
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
316 nsize = mp_unsigned_bin_size(key->n);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
317
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
318 /* string rsa_signature_blob length */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
319 buf_putint(buf, nsize);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
320 /* pad out s to same length as n */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
321 ssize = mp_unsigned_bin_size(&rsa_s);
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
322 dropbear_assert(ssize <= nsize);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
323 for (i = 0; i < nsize-ssize; i++) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
324 buf_putbyte(buf, 0x00);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
325 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
326
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
327 if (mp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize)) != MP_OKAY) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
diff changeset
328 dropbear_exit("RSA error");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
329 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
330 buf_incrwritepos(buf, ssize);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
331 mp_clear(&rsa_s);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
332
1402
553c6bb80265 fix DEBUG_* condition
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
333 #if defined(DEBUG_RSA) && DEBUG_TRACE
907
4a74c58e11fc Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
334 if (!debug_trace) {
4a74c58e11fc Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
335 printhex("RSA sig", buf->data, buf->len);
4a74c58e11fc Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
336 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
337 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
338
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
339
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 84
diff changeset
340 TRACE(("leave buf_put_rsa_sign"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
341 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
342
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
343 /* Creates the message value as expected by PKCS, see rfc2437 etc */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
344 /* format to be padded to is:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
345 * EM = 01 | FF* | 00 | prefix | hash
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
346 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
347 * where FF is repeated enough times to make EM one byte
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
348 * shorter than the size of key->n
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
349 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
350 * prefix is the ASN1 designator prefix,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
351 * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
352 *
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
353 * rsa_em must be a pointer to an initialised mp_int.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
354 */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
355 static void rsa_pad_em(const dropbear_rsa_key * key,
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1409
diff changeset
356 const buffer *data_buf, mp_int * rsa_em) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
357
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
358 /* ASN1 designator (including the 0x00 preceding) */
198
65585699d980 * add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents: 188
diff changeset
359 const unsigned char rsa_asn1_magic[] =
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
360 {0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
361 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
198
65585699d980 * add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents: 188
diff changeset
362 const unsigned int RSA_ASN1_MAGIC_LEN = 16;
65585699d980 * add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents: 188
diff changeset
363
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
364 buffer * rsa_EM = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
365 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
366 unsigned int nsize;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
367
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
368 dropbear_assert(key != NULL);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
369 nsize = mp_unsigned_bin_size(key->n);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
370
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
371 rsa_EM = buf_new(nsize-1);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
372 /* type byte */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
373 buf_putbyte(rsa_EM, 0x01);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
374 /* Padding with 0xFF bytes */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
375 while(rsa_EM->pos != rsa_EM->size - RSA_ASN1_MAGIC_LEN - SHA1_HASH_SIZE) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
376 buf_putbyte(rsa_EM, 0xff);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
377 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
378 /* Magic ASN1 stuff */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
379 memcpy(buf_getwriteptr(rsa_EM, RSA_ASN1_MAGIC_LEN),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
380 rsa_asn1_magic, RSA_ASN1_MAGIC_LEN);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
381 buf_incrwritepos(rsa_EM, RSA_ASN1_MAGIC_LEN);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
382
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
383 /* The hash of the data */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
384 sha1_init(&hs);
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
385 sha1_process(&hs, data_buf->data, data_buf->len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
386 sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
387 buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
388
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 216
diff changeset
389 dropbear_assert(rsa_EM->pos == rsa_EM->size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
390
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
391 /* Create the mp_int from the encoded bytes */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
392 buf_setpos(rsa_EM, 0);
188
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
393 bytes_to_mp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
c9483550701b - refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
394 rsa_EM->size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
395 buf_free(rsa_EM);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
396 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
397
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
398 #endif /* DROPBEAR_RSA */