3
|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
|
2 * |
|
3 * LibTomCrypt is a library that provides various cryptographic |
|
4 * algorithms in a highly modular and flexible manner. |
|
5 * |
|
6 * The library is free for all purposes without any express |
|
7 * guarantee it works. |
|
8 * |
|
9 * Tom St Denis, [email protected], http://libtomcrypt.org |
|
10 */ |
|
11 |
|
12 /* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt |
|
13 * except that they are used to RSA encrypt/decrypt a single value and not a packet. |
|
14 */ |
|
15 int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen, |
|
16 unsigned char *outkey, unsigned long *outlen, |
|
17 prng_state *prng, int wprng, rsa_key *key) |
|
18 { |
|
19 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK]; |
|
20 unsigned long x, y, rsa_size; |
|
21 int err; |
|
22 |
|
23 _ARGCHK(inkey != NULL); |
|
24 _ARGCHK(outkey != NULL); |
|
25 _ARGCHK(outlen != NULL); |
|
26 _ARGCHK(key != NULL); |
|
27 |
|
28 /* only allow keys from 64 to 256 bits */ |
|
29 if (inlen < 8 || inlen > 32) { |
|
30 return CRYPT_INVALID_ARG; |
|
31 } |
|
32 |
|
33 /* are the parameters valid? */ |
|
34 if ((err = prng_is_valid(wprng)) != CRYPT_OK) { |
|
35 return err; |
|
36 } |
|
37 |
|
38 /* rsa_pad the symmetric key */ |
|
39 y = (unsigned long)sizeof(rsa_in); |
|
40 if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) { |
|
41 return CRYPT_ERROR; |
|
42 } |
|
43 |
|
44 /* rsa encrypt it */ |
|
45 rsa_size = (unsigned long)sizeof(rsa_out); |
|
46 if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) { |
|
47 return CRYPT_ERROR; |
|
48 } |
|
49 |
|
50 /* check size */ |
|
51 if (*outlen < (PACKET_SIZE+4+rsa_size)) { |
|
52 return CRYPT_BUFFER_OVERFLOW; |
|
53 } |
|
54 |
|
55 /* store header */ |
|
56 packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY); |
|
57 |
|
58 /* now lets make the header */ |
|
59 y = PACKET_SIZE; |
|
60 |
|
61 /* store the size of the RSA value */ |
|
62 STORE32L(rsa_size, (outkey+y)); |
|
63 y += 4; |
|
64 |
|
65 /* store the rsa value */ |
|
66 for (x = 0; x < rsa_size; x++, y++) { |
|
67 outkey[y] = rsa_out[x]; |
|
68 } |
|
69 |
|
70 *outlen = y; |
|
71 #ifdef CLEAN_STACK |
|
72 /* clean up */ |
|
73 zeromem(rsa_in, sizeof(rsa_in)); |
|
74 zeromem(rsa_out, sizeof(rsa_out)); |
|
75 #endif |
|
76 |
|
77 return CRYPT_OK; |
|
78 } |
|
79 |
|
80 int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, |
|
81 unsigned char *outkey, unsigned long *keylen, |
|
82 rsa_key *key) |
|
83 { |
|
84 unsigned char sym_key[MAXBLOCKSIZE], rsa_out[RSA_STACK]; |
|
85 unsigned long x, y, z, i, rsa_size; |
|
86 int err; |
|
87 |
|
88 _ARGCHK(in != NULL); |
|
89 _ARGCHK(outkey != NULL); |
|
90 _ARGCHK(keylen != NULL); |
|
91 _ARGCHK(key != NULL); |
|
92 |
|
93 /* right key type? */ |
|
94 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { |
|
95 return CRYPT_PK_NOT_PRIVATE; |
|
96 } |
|
97 |
|
98 if (inlen < PACKET_SIZE+4) { |
|
99 return CRYPT_INVALID_PACKET; |
|
100 } else { |
|
101 inlen -= PACKET_SIZE+4; |
|
102 } |
|
103 |
|
104 /* check the header */ |
|
105 if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { |
|
106 return err; |
|
107 } |
|
108 |
|
109 /* grab length of the rsa key */ |
|
110 y = PACKET_SIZE; |
|
111 LOAD32L(rsa_size, (in+y)); |
|
112 if (inlen < rsa_size) { |
|
113 return CRYPT_INVALID_PACKET; |
|
114 } else { |
|
115 inlen -= rsa_size; |
|
116 } |
|
117 y += 4; |
|
118 |
|
119 /* decrypt it */ |
|
120 x = (unsigned long)sizeof(rsa_out); |
|
121 if ((err = rsa_exptmod(in+y, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) { |
|
122 return err; |
|
123 } |
|
124 y += rsa_size; |
|
125 |
|
126 /* depad it */ |
|
127 z = (unsigned long)sizeof(sym_key); |
|
128 if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) { |
|
129 return err; |
|
130 } |
|
131 |
|
132 /* check size */ |
|
133 if (*keylen < z) { |
|
134 return CRYPT_BUFFER_OVERFLOW; |
|
135 } |
|
136 |
|
137 for (i = 0; i < z; i++) { |
|
138 outkey[i] = sym_key[i]; |
|
139 } |
|
140 |
|
141 #ifdef CLEAN_STACK |
|
142 /* clean up */ |
|
143 zeromem(sym_key, sizeof(sym_key)); |
|
144 zeromem(rsa_out, sizeof(rsa_out)); |
|
145 #endif |
|
146 *keylen = z; |
|
147 return CRYPT_OK; |
|
148 } |
|
149 |
|
150 int rsa_sign_hash(const unsigned char *in, unsigned long inlen, |
|
151 unsigned char *out, unsigned long *outlen, |
|
152 rsa_key *key) |
|
153 { |
|
154 unsigned long rsa_size, x, y; |
|
155 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK]; |
|
156 int err; |
|
157 |
|
158 _ARGCHK(in != NULL); |
|
159 _ARGCHK(out != NULL); |
|
160 _ARGCHK(outlen != NULL); |
|
161 _ARGCHK(key != NULL); |
|
162 |
|
163 /* reject nonsense sizes */ |
|
164 if (inlen > (512/3) || inlen < 16) { |
|
165 return CRYPT_INVALID_ARG; |
|
166 } |
|
167 |
|
168 /* type of key? */ |
|
169 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { |
|
170 return CRYPT_PK_NOT_PRIVATE; |
|
171 } |
|
172 |
|
173 /* pad it */ |
|
174 x = (unsigned long)sizeof(rsa_out); |
|
175 if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) { |
|
176 return err; |
|
177 } |
|
178 |
|
179 /* sign it */ |
|
180 rsa_size = (unsigned long)sizeof(rsa_in); |
|
181 if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) { |
|
182 return err; |
|
183 } |
|
184 |
|
185 /* check size */ |
|
186 if (*outlen < (PACKET_SIZE+4+rsa_size)) { |
|
187 return CRYPT_BUFFER_OVERFLOW; |
|
188 } |
|
189 |
|
190 /* now lets output the message */ |
|
191 y = PACKET_SIZE; |
|
192 |
|
193 /* output the len */ |
|
194 STORE32L(rsa_size, (out+y)); |
|
195 y += 4; |
|
196 |
|
197 /* store the signature */ |
|
198 for (x = 0; x < rsa_size; x++, y++) { |
|
199 out[y] = rsa_in[x]; |
|
200 } |
|
201 |
|
202 /* store header */ |
|
203 packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED); |
|
204 |
|
205 #ifdef CLEAN_STACK |
|
206 /* clean up */ |
|
207 zeromem(rsa_in, sizeof(rsa_in)); |
|
208 zeromem(rsa_out, sizeof(rsa_out)); |
|
209 #endif |
|
210 *outlen = y; |
|
211 return CRYPT_OK; |
|
212 } |
|
213 |
|
214 int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, |
|
215 const unsigned char *md, int *stat, rsa_key *key) |
|
216 { |
|
217 unsigned long rsa_size, x, y, z; |
|
218 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK]; |
|
219 int err; |
|
220 |
|
221 _ARGCHK(sig != NULL); |
|
222 _ARGCHK(md != NULL); |
|
223 _ARGCHK(stat != NULL); |
|
224 _ARGCHK(key != NULL); |
|
225 |
|
226 /* always be incorrect by default */ |
|
227 *stat = 0; |
|
228 |
|
229 if (siglen < PACKET_SIZE+4) { |
|
230 return CRYPT_INVALID_PACKET; |
|
231 } else { |
|
232 siglen -= PACKET_SIZE+4; |
|
233 } |
|
234 |
|
235 /* verify header */ |
|
236 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { |
|
237 return err; |
|
238 } |
|
239 |
|
240 /* get the len */ |
|
241 y = PACKET_SIZE; |
|
242 LOAD32L(rsa_size, (sig+y)); |
|
243 if (siglen < rsa_size) { |
|
244 return CRYPT_INVALID_PACKET; |
|
245 } else { |
|
246 siglen -= rsa_size; |
|
247 } |
|
248 y += 4; |
|
249 |
|
250 /* exptmod it */ |
|
251 x = (unsigned long)sizeof(rsa_out); |
|
252 if ((err = rsa_exptmod(sig+y, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) { |
|
253 return err; |
|
254 } |
|
255 y += rsa_size; |
|
256 |
|
257 /* depad it */ |
|
258 z = (unsigned long)sizeof(rsa_in); |
|
259 if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) { |
|
260 return err; |
|
261 } |
|
262 |
|
263 /* check? */ |
|
264 if (memcmp(rsa_in, md, (size_t)z) == 0) { |
|
265 *stat = 1; |
|
266 } |
|
267 |
|
268 #ifdef CLEAN_STACK |
|
269 zeromem(rsa_in, sizeof(rsa_in)); |
|
270 zeromem(rsa_out, sizeof(rsa_out)); |
|
271 #endif |
|
272 return CRYPT_OK; |
|
273 } |
|
274 |