comparison rsa.c @ 844:68facbc41273

merge again
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Nov 2013 00:19:25 +0800
parents 75509065db53
children 220f55d540ae
834:e378da7eae5d 844:68facbc41273
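--- a/rsa.c
+++ b/rsa.c
@@ -37,25 +37,22 @@
 #include "random.h"
 
 #ifdef DROPBEAR_RSA
 
 static void rsa_pad_em(dropbear_rsa_key * key,
-const unsigned char * data, unsigned int len,
-mp_int * rsa_em);
+buffer *data_buf, mp_int * rsa_em);
 
 /* Load a public rsa key from a buffer, initialising the values.
 * The key will have the same format as buf_put_rsa_key.
 * These should be freed with rsa_key_free.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 
 int ret = DROPBEAR_FAILURE;
 TRACE(("enter buf_get_rsa_pub_key"))
 dropbear_assert(key != NULL);
-key->e = m_malloc(sizeof(mp_int));
-key->n = m_malloc(sizeof(mp_int));
-m_mp_init_multi(key->e, key->n, NULL);
+m_mp_alloc_init_multi(&key->e, &key->n, NULL);
 key->d = NULL;
 key->p = NULL;
 key->q = NULL;
 
 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
@@ -97,22 +94,20 @@
 
 key->d = NULL;
 key->p = NULL;
 key->q = NULL;
 
-key->d = m_malloc(sizeof(mp_int));
-m_mp_init(key->d);
+m_mp_alloc_init_multi(&key->d, NULL);
 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
 goto out;
 }
 
 if (buf->pos == buf->len) {
 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/
 } else {
-key->p = m_malloc(sizeof(mp_int));
-key->q = m_malloc(sizeof(mp_int));
-m_mp_init_multi(key->p, key->q, NULL);
+m_mp_alloc_init_multi(&key->p, &key->q, NULL);
 
 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
 goto out;
 }
@@ -211,13 +205,11 @@
 }
 
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
-unsigned int len) {
-
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
 unsigned int slen;
 DEF_MP_INT(rsa_s);
 DEF_MP_INT(rsa_mdash);
 DEF_MP_INT(rsa_em);
 int ret = DROPBEAR_FAILURE;
@@ -245,11 +237,11 @@
 TRACE(("s > n-1"))
 goto out;
 }
 
 /* create the magic PKCS padded value */
-rsa_pad_em(key, data, len, &rsa_em);
+rsa_pad_em(key, data_buf, &rsa_em);
 
 if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
 TRACE(("failed exptmod rsa_s"))
 goto out;
 }
@@ -268,13 +260,11 @@
 
 #endif /* DROPBEAR_SIGNKEY_VERIFY */
 
 /* Sign the data presented with key, writing the signature contents
 * to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
-unsigned int len) {
-
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
 unsigned int nsize, ssize;
 unsigned int i;
 DEF_MP_INT(rsa_s);
 DEF_MP_INT(rsa_tmp1);
 DEF_MP_INT(rsa_tmp2);
@@ -283,11 +273,11 @@
 TRACE(("enter buf_put_rsa_sign"))
 dropbear_assert(key != NULL);
 
 m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
 
-rsa_pad_em(key, data, len, &rsa_tmp1);
+rsa_pad_em(key, data_buf, &rsa_tmp1);
 
 /* the actual signing of the padded data */
 
 #ifdef RSA_BLINDING
 
@@ -375,12 +365,11 @@
 * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
 *
 * rsa_em must be a pointer to an initialised mp_int.
 */
 static void rsa_pad_em(dropbear_rsa_key * key,
-const unsigned char * data, unsigned int len,
-mp_int * rsa_em) {
+buffer *data_buf, mp_int * rsa_em) {
 
 /* ASN1 designator (including the 0x00 preceding) */
 const unsigned char rsa_asn1_magic[] =
 {0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
@@ -389,11 +378,10 @@
 buffer * rsa_EM = NULL;
 hash_state hs;
 unsigned int nsize;
 
 dropbear_assert(key != NULL);
-dropbear_assert(data != NULL);
 nsize = mp_unsigned_bin_size(key->n);
 
 rsa_EM = buf_new(nsize-1);
 /* type byte */
 buf_putbyte(rsa_EM, 0x01);
@@ -406,11 +394,11 @@
 rsa_asn1_magic, RSA_ASN1_MAGIC_LEN);
 buf_incrwritepos(rsa_EM, RSA_ASN1_MAGIC_LEN);
 
 /* The hash of the data */
 sha1_init(&hs);
-sha1_process(&hs, data, len);
+sha1_process(&hs, data_buf->data, data_buf->len);
 sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
 buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
 
 dropbear_assert(rsa_EM->pos == rsa_EM->size);
 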
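Review bot: `rsa_pad_em` now dereferences `data_buf->data` and `data_buf->len` in the `sha1_process` call, but the `dropbear_assert(data != NULL);` that guarded the old pointer was removed without a replacement; add `dropbear_assert(data_buf != NULL);` beside the `key` assert. The hash also covers `data_buf->len` bytes from the start of the buffer regardless of `pos`, so what gets signed or verified depends on every caller of `buf_put_rsa_sign` and `buf_rsa_verify` passing a buffer whose `len` is exactly the payload. A comment on the prototype such as `/* hashes data_buf->data[0 .. data_buf->len), pos is ignored */` would make that contract explicit. The body of `rsa_pad_em` continues past the last lines shown here.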