Mercurial > dropbear

comparison rsa_sys.c @ 3:7faae8f46238 libtomcrypt-orig

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Branch renaming
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:25:41 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 3:7faae8f46238
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
13 * except that they are used to RSA encrypt/decrypt a single value and not a packet.
14 */
15 int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
16 unsigned char *outkey, unsigned long *outlen,
17 prng_state *prng, int wprng, rsa_key *key)
18 {
19 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
20 unsigned long x, y, rsa_size;
21 int err;
22
23 _ARGCHK(inkey != NULL);
24 _ARGCHK(outkey != NULL);
25 _ARGCHK(outlen != NULL);
26 _ARGCHK(key != NULL);
27
28 /* only allow keys from 64 to 256 bits */
29 if (inlen < 8 || inlen > 32) {
30 return CRYPT_INVALID_ARG;
31 }
32
33 /* are the parameters valid? */
34 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
35 return err;
36 }
37
38 /* rsa_pad the symmetric key */
39 y = (unsigned long)sizeof(rsa_in);
40 if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
41 return CRYPT_ERROR;
42 }
43
44 /* rsa encrypt it */
45 rsa_size = (unsigned long)sizeof(rsa_out);
46 if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
47 return CRYPT_ERROR;
48 }
49
50 /* check size */
51 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
52 return CRYPT_BUFFER_OVERFLOW;
53 }
54
55 /* store header */
56 packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY);
57
58 /* now lets make the header */
59 y = PACKET_SIZE;
60
61 /* store the size of the RSA value */
62 STORE32L(rsa_size, (outkey+y));
63 y += 4;
64
65 /* store the rsa value */
66 for (x = 0; x < rsa_size; x++, y++) {
67 outkey[y] = rsa_out[x];
68 }
69
70 *outlen = y;
71 #ifdef CLEAN_STACK
72 /* clean up */
73 zeromem(rsa_in, sizeof(rsa_in));
74 zeromem(rsa_out, sizeof(rsa_out));
75 #endif
76
77 return CRYPT_OK;
78 }
79
80 int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
81 unsigned char *outkey, unsigned long *keylen,
82 rsa_key *key)
83 {
84 unsigned char sym_key[MAXBLOCKSIZE], rsa_out[RSA_STACK];
85 unsigned long x, y, z, i, rsa_size;
86 int err;
87
88 _ARGCHK(in != NULL);
89 _ARGCHK(outkey != NULL);
90 _ARGCHK(keylen != NULL);
91 _ARGCHK(key != NULL);
92
93 /* right key type? */
94 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
95 return CRYPT_PK_NOT_PRIVATE;
96 }
97
98 if (inlen < PACKET_SIZE+4) {
99 return CRYPT_INVALID_PACKET;
100 } else {
101 inlen -= PACKET_SIZE+4;
102 }
103
104 /* check the header */
105 if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
106 return err;
107 }
108
109 /* grab length of the rsa key */
110 y = PACKET_SIZE;
111 LOAD32L(rsa_size, (in+y));
112 if (inlen < rsa_size) {
113 return CRYPT_INVALID_PACKET;
114 } else {
115 inlen -= rsa_size;
116 }
117 y += 4;
118
119 /* decrypt it */
120 x = (unsigned long)sizeof(rsa_out);
121 if ((err = rsa_exptmod(in+y, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) {
122 return err;
123 }
124 y += rsa_size;
125
126 /* depad it */
127 z = (unsigned long)sizeof(sym_key);
128 if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
129 return err;
130 }
131
132 /* check size */
133 if (*keylen < z) {
134 return CRYPT_BUFFER_OVERFLOW;
135 }
136
137 for (i = 0; i < z; i++) {
138 outkey[i] = sym_key[i];
139 }
140
141 #ifdef CLEAN_STACK
142 /* clean up */
143 zeromem(sym_key, sizeof(sym_key));
144 zeromem(rsa_out, sizeof(rsa_out));
145 #endif
146 *keylen = z;
147 return CRYPT_OK;
148 }
149
150 int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
151 unsigned char *out, unsigned long *outlen,
152 rsa_key *key)
153 {
154 unsigned long rsa_size, x, y;
155 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
156 int err;
157
158 _ARGCHK(in != NULL);
159 _ARGCHK(out != NULL);
160 _ARGCHK(outlen != NULL);
161 _ARGCHK(key != NULL);
162
163 /* reject nonsense sizes */
164 if (inlen > (512/3) || inlen < 16) {
165 return CRYPT_INVALID_ARG;
166 }
167
168 /* type of key? */
169 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
170 return CRYPT_PK_NOT_PRIVATE;
171 }
172
173 /* pad it */
174 x = (unsigned long)sizeof(rsa_out);
175 if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) {
176 return err;
177 }
178
179 /* sign it */
180 rsa_size = (unsigned long)sizeof(rsa_in);
181 if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
182 return err;
183 }
184
185 /* check size */
186 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
187 return CRYPT_BUFFER_OVERFLOW;
188 }
189
190 /* now lets output the message */
191 y = PACKET_SIZE;
192
193 /* output the len */
194 STORE32L(rsa_size, (out+y));
195 y += 4;
196
197 /* store the signature */
198 for (x = 0; x < rsa_size; x++, y++) {
199 out[y] = rsa_in[x];
200 }
201
202 /* store header */
203 packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED);
204
205 #ifdef CLEAN_STACK
206 /* clean up */
207 zeromem(rsa_in, sizeof(rsa_in));
208 zeromem(rsa_out, sizeof(rsa_out));
209 #endif
210 *outlen = y;
211 return CRYPT_OK;
212 }
213
214 int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
215 const unsigned char *md, int *stat, rsa_key *key)
216 {
217 unsigned long rsa_size, x, y, z;
218 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
219 int err;
220
221 _ARGCHK(sig != NULL);
222 _ARGCHK(md != NULL);
223 _ARGCHK(stat != NULL);
224 _ARGCHK(key != NULL);
225
226 /* always be incorrect by default */
227 *stat = 0;
228
229 if (siglen < PACKET_SIZE+4) {
230 return CRYPT_INVALID_PACKET;
231 } else {
232 siglen -= PACKET_SIZE+4;
233 }
234
235 /* verify header */
236 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
237 return err;
238 }
239
240 /* get the len */
241 y = PACKET_SIZE;
242 LOAD32L(rsa_size, (sig+y));
243 if (siglen < rsa_size) {
244 return CRYPT_INVALID_PACKET;
245 } else {
246 siglen -= rsa_size;
247 }
248 y += 4;
249
250 /* exptmod it */
251 x = (unsigned long)sizeof(rsa_out);
252 if ((err = rsa_exptmod(sig+y, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
253 return err;
254 }
255 y += rsa_size;
256
257 /* depad it */
258 z = (unsigned long)sizeof(rsa_in);
259 if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
260 return err;
261 }
262
263 /* check? */
264 if (memcmp(rsa_in, md, (size_t)z) == 0) {
265 *stat = 1;
266 }
267
268 #ifdef CLEAN_STACK
269 zeromem(rsa_in, sizeof(rsa_in));
270 zeromem(rsa_out, sizeof(rsa_out));
271 #endif
272 return CRYPT_OK;
273 }
274