Mercurial > dropbear
comparison rsa.c @ 478:d4f32c3443ac dbclient-netcat-alike
propagate from branch 'au.asn.ucc.matt.dropbear' (head f21045c791002d81fc6b8dde6537ea481e513eb2)
to branch 'au.asn.ucc.matt.dropbear.dbclient-netcat-alike' (head d1f69334581dc4c35f9ca16aa5355074c9dd315d)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 14 Sep 2008 06:47:51 +0000 |
parents | a124aff0cbf1 |
children | b50f0107e505 76097ec1a29a |
comparison
equal
deleted
inserted
replaced
296:6b41e2cbf071 | 478:d4f32c3443ac |
---|---|
46 * The key will have the same format as buf_put_rsa_key. | 46 * The key will have the same format as buf_put_rsa_key. |
47 * These should be freed with rsa_key_free. | 47 * These should be freed with rsa_key_free. |
48 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 48 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
49 int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) { | 49 int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) { |
50 | 50 |
51 int ret = DROPBEAR_FAILURE; | |
51 TRACE(("enter buf_get_rsa_pub_key")) | 52 TRACE(("enter buf_get_rsa_pub_key")) |
52 dropbear_assert(key != NULL); | 53 dropbear_assert(key != NULL); |
53 key->e = m_malloc(sizeof(mp_int)); | 54 key->e = m_malloc(sizeof(mp_int)); |
54 key->n = m_malloc(sizeof(mp_int)); | 55 key->n = m_malloc(sizeof(mp_int)); |
55 m_mp_init_multi(key->e, key->n, NULL); | 56 m_mp_init_multi(key->e, key->n, NULL); |
60 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */ | 61 buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */ |
61 | 62 |
62 if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE | 63 if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE |
63 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) { | 64 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) { |
64 TRACE(("leave buf_get_rsa_pub_key: failure")) | 65 TRACE(("leave buf_get_rsa_pub_key: failure")) |
65 return DROPBEAR_FAILURE; | 66 goto out; |
66 } | 67 } |
67 | 68 |
68 if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) { | 69 if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) { |
69 dropbear_log(LOG_WARNING, "rsa key too short"); | 70 dropbear_log(LOG_WARNING, "rsa key too short"); |
70 return DROPBEAR_FAILURE; | 71 goto out; |
71 } | 72 } |
72 | 73 |
73 TRACE(("leave buf_get_rsa_pub_key: success")) | 74 TRACE(("leave buf_get_rsa_pub_key: success")) |
74 return DROPBEAR_SUCCESS; | 75 ret = DROPBEAR_SUCCESS; |
75 | 76 out: |
76 } | 77 if (ret == DROPBEAR_FAILURE) { |
77 | 78 m_free(key->e); |
78 /* Same as buf_get_rsa_pub_key, but reads a private "x" key at the end. | 79 m_free(key->n); |
80 } | |
81 return ret; | |
82 } | |
83 | |
84 /* Same as buf_get_rsa_pub_key, but reads private bits at the end. | |
79 * Loads a private rsa key from a buffer | 85 * Loads a private rsa key from a buffer |
80 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 86 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
81 int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) { | 87 int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) { |
82 | 88 int ret = DROPBEAR_FAILURE; |
83 dropbear_assert(key != NULL); | |
84 | 89 |
85 TRACE(("enter buf_get_rsa_priv_key")) | 90 TRACE(("enter buf_get_rsa_priv_key")) |
91 dropbear_assert(key != NULL); | |
86 | 92 |
87 if (buf_get_rsa_pub_key(buf, key) == DROPBEAR_FAILURE) { | 93 if (buf_get_rsa_pub_key(buf, key) == DROPBEAR_FAILURE) { |
88 TRACE(("leave buf_get_rsa_priv_key: pub: ret == DROPBEAR_FAILURE")) | 94 TRACE(("leave buf_get_rsa_priv_key: pub: ret == DROPBEAR_FAILURE")) |
89 return DROPBEAR_FAILURE; | 95 return DROPBEAR_FAILURE; |
90 } | 96 } |
97 | |
98 key->d = NULL; | |
99 key->p = NULL; | |
100 key->q = NULL; | |
91 | 101 |
92 key->d = m_malloc(sizeof(mp_int)); | 102 key->d = m_malloc(sizeof(mp_int)); |
93 m_mp_init(key->d); | 103 m_mp_init(key->d); |
94 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) { | 104 if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) { |
95 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE")) | 105 TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE")) |
96 return DROPBEAR_FAILURE; | 106 goto out; |
97 } | 107 } |
98 | 108 |
99 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/ | |
100 if (buf->pos == buf->len) { | 109 if (buf->pos == buf->len) { |
101 key->p = NULL; | 110 /* old Dropbear private keys didn't keep p and q, so we will ignore them*/ |
102 key->q = NULL; | |
103 } else { | 111 } else { |
104 key->p = m_malloc(sizeof(mp_int)); | 112 key->p = m_malloc(sizeof(mp_int)); |
105 key->q = m_malloc(sizeof(mp_int)); | 113 key->q = m_malloc(sizeof(mp_int)); |
106 m_mp_init_multi(key->p, key->q, NULL); | 114 m_mp_init_multi(key->p, key->q, NULL); |
107 | 115 |
108 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) { | 116 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) { |
109 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE")) | 117 TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE")) |
110 return DROPBEAR_FAILURE; | 118 goto out; |
111 } | 119 } |
112 | 120 |
113 if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) { | 121 if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) { |
114 TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE")) | 122 TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE")) |
115 return DROPBEAR_FAILURE; | 123 goto out; |
116 } | 124 } |
117 } | 125 } |
118 | 126 |
127 ret = DROPBEAR_SUCCESS; | |
128 out: | |
129 if (ret == DROPBEAR_FAILURE) { | |
130 m_free(key->d); | |
131 m_free(key->p); | |
132 m_free(key->q); | |
133 } | |
119 TRACE(("leave buf_get_rsa_priv_key")) | 134 TRACE(("leave buf_get_rsa_priv_key")) |
120 return DROPBEAR_SUCCESS; | 135 return ret; |
121 } | 136 } |
122 | 137 |
123 | 138 |
124 /* Clear and free the memory used by a public or private key */ | 139 /* Clear and free the memory used by a public or private key */ |
125 void rsa_key_free(rsa_key *key) { | 140 void rsa_key_free(rsa_key *key) { |
283 gen_random_mpint(key->n, &rsa_tmp2); | 298 gen_random_mpint(key->n, &rsa_tmp2); |
284 | 299 |
285 /* rsa_tmp1 is em */ | 300 /* rsa_tmp1 is em */ |
286 /* em' = em * r^e mod n */ | 301 /* em' = em * r^e mod n */ |
287 | 302 |
288 mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s); /* rsa_s used as a temp var*/ | 303 /* rsa_s used as a temp var*/ |
289 mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3); | 304 if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) { |
290 mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2); | 305 dropbear_exit("rsa error"); |
306 } | |
307 if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) { | |
308 dropbear_exit("rsa error"); | |
309 } | |
310 if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) { | |
311 dropbear_exit("rsa error"); | |
312 } | |
291 | 313 |
292 /* rsa_tmp2 is em' */ | 314 /* rsa_tmp2 is em' */ |
293 /* s' = (em')^d mod n */ | 315 /* s' = (em')^d mod n */ |
294 mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1); | 316 if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) { |
317 dropbear_exit("rsa error"); | |
318 } | |
295 | 319 |
296 /* rsa_tmp1 is s' */ | 320 /* rsa_tmp1 is s' */ |
297 /* rsa_tmp3 is r^(-1) mod n */ | 321 /* rsa_tmp3 is r^(-1) mod n */ |
298 /* s = (s')r^(-1) mod n */ | 322 /* s = (s')r^(-1) mod n */ |
299 mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s); | 323 if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) { |
324 dropbear_exit("rsa error"); | |
325 } | |
300 | 326 |
301 #else | 327 #else |
302 | 328 |
303 /* s = em^d mod n */ | 329 /* s = em^d mod n */ |
304 /* rsa_tmp1 is em */ | 330 /* rsa_tmp1 is em */ |