dropbear: rsa.c annotate

annotate rsa.c @ 1659:d32bcb5c557d

Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys

author	Vladislav Grishenko <themiron@users.noreply.github.com>
date	Wed, 11 Mar 2020 21:09:45 +0500
parents	bb8eaa26bc93
children	ba6fc7afe1c5

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 /* Perform RSA operations on data, including reading keys, signing and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 * verification.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 * The format is specified in rfc2437, Applied Cryptography or The Handbook of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 * Applied Cryptography detail the general algorithm. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "rsa.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #include "ssh.h"
858 220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	37 #include "dbrandom.h"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	38
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	39 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	40
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	41 static void rsa_pad_em(const dropbear_rsa_key * key,
06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	42 const buffer data_buf, mp_int rsa_em);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 /* Load a public rsa key from a buffer, initialising the values.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 * The key will have the same format as buf_put_rsa_key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 * These should be freed with rsa_key_free.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 378 diff changeset	48 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	50 int ret = DROPBEAR_FAILURE;
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	51 TRACE(("enter buf_get_rsa_pub_key"))
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	52 dropbear_assert(key != NULL);
805 724c3e0c8734 Add m_mp_alloc_init_multi() helper Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	53 m_mp_alloc_init_multi(&key->e, &key->n, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 key->d = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 key->p = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 key->q = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 \|\| buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	62 TRACE(("leave buf_get_rsa_pub_key: failure"))
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	63 goto out;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	67 dropbear_log(LOG_WARNING, "RSA key too short");
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	68 goto out;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70
1526 36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	71 /* 64 bit is limit used by openssl, so we won't block any keys in the wild */
36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	72 if (mp_count_bits(key->e) > 64) {
36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	73 dropbear_log(LOG_WARNING, "RSA key bad e");
36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	74 goto out;
36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	75 }
36ab6b091ad3 limit rsa->e size to 64 bits Matt Johnston <matt@ucc.asn.au> parents: 1459 diff changeset	76
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	77 TRACE(("leave buf_get_rsa_pub_key: success"))
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1123 diff changeset	78 ret = DROPBEAR_SUCCESS;
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	79 out:
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1123 diff changeset	80 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1402 diff changeset	81 m_mp_free_multi(&key->e, &key->n, NULL);
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1123 diff changeset	82 }
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	83 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	84 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	86 /* Same as buf_get_rsa_pub_key, but reads private bits at the end.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	87 * Loads a private rsa key from a buffer
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 378 diff changeset	89 int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	90 int ret = DROPBEAR_FAILURE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	92 TRACE(("enter buf_get_rsa_priv_key"))
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	93 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	95 if (buf_get_rsa_pub_key(buf, key) == DROPBEAR_FAILURE) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	96 TRACE(("leave buf_get_rsa_priv_key: pub: ret == DROPBEAR_FAILURE"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	98 }
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	99
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	100 key->d = NULL;
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	101 key->p = NULL;
9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	102 key->q = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	104 m_mp_alloc_init_multi(&key->d, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	106 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	107 goto out;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	108 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	109
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110 if (buf->pos == buf->len) {
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	111 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112 } else {
805 724c3e0c8734 Add m_mp_alloc_init_multi() helper Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	113 m_mp_alloc_init_multi(&key->p, &key->q, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	114
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	116 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	117 goto out;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	118 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	121 TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE"))
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	122 goto out;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	126 ret = DROPBEAR_SUCCESS;
370 9a789fc03f40 Make sure that we clean up key parts if we fail during reading a rsa key Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	127 out:
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	128 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1402 diff changeset	129 m_mp_free_multi(&key->d, &key->p, &key->q, NULL);
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	130 }
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	131 TRACE(("leave buf_get_rsa_priv_key"))
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	132 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 /* Clear and free the memory used by a public or private key */
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 378 diff changeset	137 void rsa_key_free(dropbear_rsa_key *key) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	139 TRACE2(("enter rsa_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 if (key == NULL) {
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	142 TRACE2(("leave rsa_key_free: key == NULL"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143 return;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144 }
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1402 diff changeset	145 m_mp_free_multi(&key->d, &key->e, &key->p, &key->q, &key->n, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146 m_free(key);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	147 TRACE2(("leave rsa_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 /* Put the public rsa key into the buffer in the required format:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152 * string "ssh-rsa"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	153 * mp_int e
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	154 * mp_int n
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155 */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	156 void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	158 TRACE(("enter buf_put_rsa_pub_key"))
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	159 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160
1123 d7b752525b91 buf_getstring and buf_putstring now use non-unsigned char* Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	161 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 buf_putmpint(buf, key->e);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163 buf_putmpint(buf, key->n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	165 TRACE(("leave buf_put_rsa_pub_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	169 /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	170 void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	172 TRACE(("enter buf_put_rsa_priv_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	174 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 buf_put_rsa_pub_key(buf, key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 buf_putmpint(buf, key->d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	178 /* new versions have p and q, old versions don't */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	179 if (key->p) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180 buf_putmpint(buf, key->p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182 if (key->q) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	183 buf_putmpint(buf, key->q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	186
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	187 TRACE(("leave buf_put_rsa_priv_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	191 #if DROPBEAR_SIGNKEY_VERIFY
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 /* Verify a signature in buf, made on data by the key given.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	194 int buf_rsa_verify(buffer * buf, const dropbear_rsa_key key, const buffer data_buf) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 unsigned int slen;
84 29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	196 DEF_MP_INT(rsa_s);
29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	197 DEF_MP_INT(rsa_mdash);
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	198 DEF_MP_INT(rsa_em);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 int ret = DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	201 TRACE(("enter buf_rsa_verify"))
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	202
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	203 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	204
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	205 m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	207 slen = buf_getint(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208 if (slen != (unsigned int)mp_unsigned_bin_size(key->n)) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	209 TRACE(("bad size"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	211 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	212
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	213 if (mp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	214 buf->len - buf->pos) != MP_OKAY) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	215 TRACE(("failed reading rsa_s"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	217 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	218
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	219 /* check that s <= n-1 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	220 if (mp_cmp(&rsa_s, key->n) != MP_LT) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	221 TRACE(("s > n-1"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 /* create the magic PKCS padded value */
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	226 rsa_pad_em(key, data_buf, &rsa_em);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	227
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228 if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	229 TRACE(("failed exptmod rsa_s"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	233 if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 /* signature is valid */
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	235 TRACE(("success!"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236 ret = DROPBEAR_SUCCESS;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239 out:
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	240 mp_clear_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	241 TRACE(("leave buf_rsa_verify: ret %d", ret))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242 return ret;
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	243 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	244
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 #endif /* DROPBEAR_SIGNKEY_VERIFY */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247 /* Sign the data presented with key, writing the signature contents
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 * to the buffer */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	249 void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key key, const buffer data_buf) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 unsigned int nsize, ssize;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251 unsigned int i;
84 29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	252 DEF_MP_INT(rsa_s);
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	253 DEF_MP_INT(rsa_tmp1);
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	254 DEF_MP_INT(rsa_tmp2);
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	255 DEF_MP_INT(rsa_tmp3);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	257 TRACE(("enter buf_put_rsa_sign"))
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	258 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	260 m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	261
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	262 rsa_pad_em(key, data_buf, &rsa_tmp1);
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 34 diff changeset	263
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	264 /* the actual signing of the padded data */
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	265
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	266 #if DROPBEAR_RSA_BLINDING
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	267
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	268 /* With blinding, s = (r^(-1))((em)r^e)^d mod n /
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	269
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	270 /* generate the r blinding value */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	271 /* rsa_tmp2 is r */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	272 gen_random_mpint(key->n, &rsa_tmp2);
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	273
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	274 /* rsa_tmp1 is em */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	275 /* em' = em * r^e mod n */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	276
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	277 /* rsa_s used as a temp var*/
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	278 if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	279 dropbear_exit("RSA error");
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	280 }
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	281 if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	282 dropbear_exit("RSA error");
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	283 }
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	284 if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	285 dropbear_exit("RSA error");
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	286 }
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	287
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	288 /* rsa_tmp2 is em' */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	289 /* s' = (em')^d mod n */
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	290 if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	291 dropbear_exit("RSA error");
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	292 }
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	293
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	294 /* rsa_tmp1 is s' */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	295 /* rsa_tmp3 is r^(-1) mod n */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	296 /* s = (s')r^(-1) mod n */
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	297 if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	298 dropbear_exit("RSA error");
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 276 diff changeset	299 }
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	300
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	301 #else
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	302
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303 /* s = em^d mod n */
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	304 /* rsa_tmp1 is em */
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	305 if (mp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	306 dropbear_exit("RSA error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	307 }
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	308
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	309 #endif /* DROPBEAR_RSA_BLINDING */
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	310
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	311 mp_clear_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	312
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	313 /* create the signature to return */
1123 d7b752525b91 buf_getstring and buf_putstring now use non-unsigned char* Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	314 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	315
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	316 nsize = mp_unsigned_bin_size(key->n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	317
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	318 /* string rsa_signature_blob length */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	319 buf_putint(buf, nsize);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320 /* pad out s to same length as n */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	321 ssize = mp_unsigned_bin_size(&rsa_s);
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	322 dropbear_assert(ssize <= nsize);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	323 for (i = 0; i < nsize-ssize; i++) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	324 buf_putbyte(buf, 0x00);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	325 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	327 if (mp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize)) != MP_OKAY) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	328 dropbear_exit("RSA error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	329 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	330 buf_incrwritepos(buf, ssize);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	331 mp_clear(&rsa_s);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	332
1402 553c6bb80265 fix DEBUG_* condition Francois Perrad <francois.perrad@gadz.org> parents: 1295 diff changeset	333 #if defined(DEBUG_RSA) && DEBUG_TRACE
907 4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	334 if (!debug_trace) {
4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	335 printhex("RSA sig", buf->data, buf->len);
4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	336 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	337 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	338
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	339
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	340 TRACE(("leave buf_put_rsa_sign"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	341 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	342
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	343 /* Creates the message value as expected by PKCS, see rfc2437 etc */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	344 /* format to be padded to is:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	345 * EM = 01 \| FF* \| 00 \| prefix \| hash
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	346 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 * where FF is repeated enough times to make EM one byte
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348 * shorter than the size of key->n
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	349 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	350 * prefix is the ASN1 designator prefix,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	351 * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	352 *
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	353 * rsa_em must be a pointer to an initialised mp_int.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354 */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	355 static void rsa_pad_em(const dropbear_rsa_key * key,
06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1409 diff changeset	356 const buffer data_buf, mp_int rsa_em) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	357
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358 /* ASN1 designator (including the 0x00 preceding) */
198 65585699d980 * add a "label" argument to printhex() Matt Johnston <matt@ucc.asn.au> parents: 188 diff changeset	359 const unsigned char rsa_asn1_magic[] =
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 {0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
198 65585699d980 * add a "label" argument to printhex() Matt Johnston <matt@ucc.asn.au> parents: 188 diff changeset	362 const unsigned int RSA_ASN1_MAGIC_LEN = 16;
65585699d980 * add a "label" argument to printhex() Matt Johnston <matt@ucc.asn.au> parents: 188 diff changeset	363
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 34 diff changeset	364 buffer * rsa_EM = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	365 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	366 unsigned int nsize;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	367
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	368 dropbear_assert(key != NULL);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	369 nsize = mp_unsigned_bin_size(key->n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	370
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	371 rsa_EM = buf_new(nsize-1);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	372 /* type byte */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	373 buf_putbyte(rsa_EM, 0x01);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	374 /* Padding with 0xFF bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375 while(rsa_EM->pos != rsa_EM->size - RSA_ASN1_MAGIC_LEN - SHA1_HASH_SIZE) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	376 buf_putbyte(rsa_EM, 0xff);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	378 /* Magic ASN1 stuff */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	379 memcpy(buf_getwriteptr(rsa_EM, RSA_ASN1_MAGIC_LEN),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	380 rsa_asn1_magic, RSA_ASN1_MAGIC_LEN);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	381 buf_incrwritepos(rsa_EM, RSA_ASN1_MAGIC_LEN);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	382
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	383 /* The hash of the data */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	384 sha1_init(&hs);
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	385 sha1_process(&hs, data_buf->data, data_buf->len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	386 sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	387 buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	388
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 216 diff changeset	389 dropbear_assert(rsa_EM->pos == rsa_EM->size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	390
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	391 /* Create the mp_int from the encoded bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392 buf_setpos(rsa_EM, 0);
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	393 bytes_to_mp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	394 rsa_EM->size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395 buf_free(rsa_EM);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	396 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	397
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	398 #endif /* DROPBEAR_RSA */

Mercurial > dropbear

annotate rsa.c @ 1659:d32bcb5c557d