comparison rsa.c @ 910:89555751c489 asm
merge up to 2013.63, improve ASM makefile rules a bit
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 27 Feb 2014 21:35:58 +0800 |
parents | 4a74c58e11fc |
children | c45d65392c1a |
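--- a/rsa.c
+++ b/rsa.c
@@ -32,30 +32,27 @@
 #include "dbutil.h"
 #include "bignum.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 
 #ifdef DROPBEAR_RSA
 
 static void rsa_pad_em(dropbear_rsa_key * key,
-const unsigned char * data, unsigned int len,
-mp_int * rsa_em);
+buffer *data_buf, mp_int * rsa_em);
 
 /* Load a public rsa key from a buffer, initialising the values.
 * The key will have the same format as buf_put_rsa_key.
 * These should be freed with rsa_key_free.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 
 int ret = DROPBEAR_FAILURE;
 TRACE(("enter buf_get_rsa_pub_key"))
 dropbear_assert(key != NULL);
-key->e = m_malloc(sizeof(mp_int));
-key->n = m_malloc(sizeof(mp_int));
-m_mp_init_multi(key->e, key->n, NULL);
+m_mp_alloc_init_multi(&key->e, &key->n, NULL);
 key->d = NULL;
 key->p = NULL;
 key->q = NULL;
 
 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
@@ -97,23 +94,20 @@
 
 key->d = NULL;
 key->p = NULL;
 key->q = NULL;
 
-key->d = m_malloc(sizeof(mp_int));
-m_mp_init(key->d);
+m_mp_alloc_init_multi(&key->d, NULL);
 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
 goto out;
 }
 
 if (buf->pos == buf->len) {
 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/
 } else {
-key->p = m_malloc(sizeof(mp_int));
-key->q = m_malloc(sizeof(mp_int));
-m_mp_init_multi(key->p, key->q, NULL);
+m_mp_alloc_init_multi(&key->p, &key->q, NULL);
 
 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
 goto out;
 }
@@ -211,13 +205,11 @@
 }
 
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
-unsigned int len) {
-
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
 unsigned int slen;
 DEF_MP_INT(rsa_s);
 DEF_MP_INT(rsa_mdash);
 DEF_MP_INT(rsa_em);
 int ret = DROPBEAR_FAILURE;
@@ -245,11 +237,11 @@
 TRACE(("s > n-1"))
 goto out;
 }
 
 /* create the magic PKCS padded value */
-rsa_pad_em(key, data, len, &rsa_em);
+rsa_pad_em(key, data_buf, &rsa_em);
 
 if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
 TRACE(("failed exptmod rsa_s"))
 goto out;
 }
@@ -268,13 +260,11 @@
 
 #endif /* DROPBEAR_SIGNKEY_VERIFY */
 
 /* Sign the data presented with key, writing the signature contents
 * to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
-unsigned int len) {
-
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
 unsigned int nsize, ssize;
 unsigned int i;
 DEF_MP_INT(rsa_s);
 DEF_MP_INT(rsa_tmp1);
 DEF_MP_INT(rsa_tmp2);
@@ -283,11 +273,11 @@
 TRACE(("enter buf_put_rsa_sign"))
 dropbear_assert(key != NULL);
 
 m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
 
-rsa_pad_em(key, data, len, &rsa_tmp1);
+rsa_pad_em(key, data_buf, &rsa_tmp1);
 
 /* the actual signing of the padded data */
 
 #ifdef RSA_BLINDING
 
@@ -355,11 +345,13 @@
 }
 buf_incrwritepos(buf, ssize);
 mp_clear(&rsa_s);
 
 #if defined(DEBUG_RSA) && defined(DEBUG_TRACE)
-printhex("RSA sig", buf->data, buf->len);
+if (!debug_trace) {
+printhex("RSA sig", buf->data, buf->len);
+}
 #endif
 
 
 TRACE(("leave buf_put_rsa_sign"))
 }
@@ -375,12 +367,11 @@
 * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
 *
 * rsa_em must be a pointer to an initialised mp_int.
 */
 static void rsa_pad_em(dropbear_rsa_key * key,
-const unsigned char * data, unsigned int len,
-mp_int * rsa_em) {
+buffer *data_buf, mp_int * rsa_em) {
 
 /* ASN1 designator (including the 0x00 preceding) */
 const unsigned char rsa_asn1_magic[] =
 {0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
@@ -389,11 +380,10 @@
 buffer * rsa_EM = NULL;
 hash_state hs;
 unsigned int nsize;
 
 dropbear_assert(key != NULL);
-dropbear_assert(data != NULL);
 nsize = mp_unsigned_bin_size(key->n);
 
 rsa_EM = buf_new(nsize-1);
 /* type byte */
 buf_putbyte(rsa_EM, 0x01);
@@ -406,11 +396,11 @@
 rsa_asn1_magic, RSA_ASN1_MAGIC_LEN);
 buf_incrwritepos(rsa_EM, RSA_ASN1_MAGIC_LEN);
 
 /* The hash of the data */
 sha1_init(&hs);
-sha1_process(&hs, data, len);
+sha1_process(&hs, data_buf->data, data_buf->len);
 sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
 buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
 
 dropbear_assert(rsa_EM->pos == rsa_EM->size);
 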
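Review bot: rsa_pad_em drops `dropbear_assert(data != NULL);` without adding an equivalent for the new parameter, yet it dereferences `data_buf->data` and `data_buf->len` at the `sha1_process` call. Restoring the precondition as `dropbear_assert(data_buf != NULL);` next to the existing key assertion keeps a bad caller failing at the assert rather than at the dereference. The digest now covers bytes 0 through `data_buf->len` and ignores `data_buf->pos`, so buf_rsa_verify and buf_put_rsa_sign both depend on callers passing a buffer that holds exactly the signed data and nothing else. That contract is worth stating in the comment above rsa_pad_em, for example `/* hashes data_buf->data[0..len), independent of pos */`. rsa_pad_em's body continues past the last line shown here.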