Mercurial > dropbear

comparison rsa_sys.c @ 0:d7da3b1e1540 libtomcrypt

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
put back the 0.95 makefile which was inadvertently merged over
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:21:40 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:d7da3b1e1540
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
13 * except that they are used to RSA encrypt/decrypt a single value and not a packet.
14 */
15 int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
16 unsigned char *outkey, unsigned long *outlen,
17 prng_state *prng, int wprng, rsa_key *key)
18 {
19 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
20 unsigned long x, y, rsa_size;
21 int err;
22
23 _ARGCHK(inkey != NULL);
24 _ARGCHK(outkey != NULL);
25 _ARGCHK(outlen != NULL);
26 _ARGCHK(key != NULL);
27
28 /* only allow keys from 64 to 256 bits */
29 if (inlen < 8 || inlen > 32) {
30 return CRYPT_INVALID_ARG;
31 }
32
33 /* are the parameters valid? */
34 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
35 return err;
36 }
37
38 /* rsa_pad the symmetric key */
39 y = (unsigned long)sizeof(rsa_in);
40 if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
41 return CRYPT_ERROR;
42 }
43
44 /* rsa encrypt it */
45 rsa_size = (unsigned long)sizeof(rsa_out);
46 if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
47 return CRYPT_ERROR;
48 }
49
50 /* check size */
51 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
52 return CRYPT_BUFFER_OVERFLOW;
53 }
54
55 /* store header */
56 packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY);
57
58 /* now lets make the header */
59 y = PACKET_SIZE;
60
61 /* store the size of the RSA value */
62 STORE32L(rsa_size, (outkey+y));
63 y += 4;
64
65 /* store the rsa value */
66 for (x = 0; x < rsa_size; x++, y++) {
67 outkey[y] = rsa_out[x];
68 }
69
70 *outlen = y;
71 #ifdef CLEAN_STACK
72 /* clean up */
73 zeromem(rsa_in, sizeof(rsa_in));
74 zeromem(rsa_out, sizeof(rsa_out));
75 #endif
76
77 return CRYPT_OK;
78 }
79
80 int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
81 unsigned char *outkey, unsigned long *keylen,
82 rsa_key *key)
83 {
84 unsigned char sym_key[MAXBLOCKSIZE], rsa_out[RSA_STACK];
85 unsigned long x, y, z, i, rsa_size;
86 int err;
87
88 _ARGCHK(in != NULL);
89 _ARGCHK(outkey != NULL);
90 _ARGCHK(keylen != NULL);
91 _ARGCHK(key != NULL);
92
93 /* right key type? */
94 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
95 return CRYPT_PK_NOT_PRIVATE;
96 }
97
98 if (inlen < PACKET_SIZE+4) {
99 return CRYPT_INVALID_PACKET;
100 } else {
101 inlen -= PACKET_SIZE+4;
102 }
103
104 /* check the header */
105 if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
106 return err;
107 }
108
109 /* grab length of the rsa key */
110 y = PACKET_SIZE;
111 LOAD32L(rsa_size, (in+y));
112 if (inlen < rsa_size) {
113 return CRYPT_INVALID_PACKET;
114 } else {
115 inlen -= rsa_size;
116 }
117 y += 4;
118
119 /* decrypt it */
120 x = (unsigned long)sizeof(rsa_out);
121 if ((err = rsa_exptmod(in+y, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) {
122 return err;
123 }
124 y += rsa_size;
125
126 /* depad it */
127 z = (unsigned long)sizeof(sym_key);
128 if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
129 return err;
130 }
131
132 /* check size */
133 if (*keylen < z) {
134 return CRYPT_BUFFER_OVERFLOW;
135 }
136
137 for (i = 0; i < z; i++) {
138 outkey[i] = sym_key[i];
139 }
140
141 #ifdef CLEAN_STACK
142 /* clean up */
143 zeromem(sym_key, sizeof(sym_key));
144 zeromem(rsa_out, sizeof(rsa_out));
145 #endif
146 *keylen = z;
147 return CRYPT_OK;
148 }
149
150 int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
151 unsigned char *out, unsigned long *outlen,
152 rsa_key *key)
153 {
154 unsigned long rsa_size, x, y;
155 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
156 int err;
157
158 _ARGCHK(in != NULL);
159 _ARGCHK(out != NULL);
160 _ARGCHK(outlen != NULL);
161 _ARGCHK(key != NULL);
162
163 /* reject nonsense sizes */
164 if (inlen > (512/3) || inlen < 16) {
165 return CRYPT_INVALID_ARG;
166 }
167
168 /* type of key? */
169 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
170 return CRYPT_PK_NOT_PRIVATE;
171 }
172
173 /* pad it */
174 x = (unsigned long)sizeof(rsa_out);
175 if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) {
176 return err;
177 }
178
179 /* sign it */
180 rsa_size = (unsigned long)sizeof(rsa_in);
181 if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
182 return err;
183 }
184
185 /* check size */
186 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
187 return CRYPT_BUFFER_OVERFLOW;
188 }
189
190 /* now lets output the message */
191 y = PACKET_SIZE;
192
193 /* output the len */
194 STORE32L(rsa_size, (out+y));
195 y += 4;
196
197 /* store the signature */
198 for (x = 0; x < rsa_size; x++, y++) {
199 out[y] = rsa_in[x];
200 }
201
202 /* store header */
203 packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED);
204
205 #ifdef CLEAN_STACK
206 /* clean up */
207 zeromem(rsa_in, sizeof(rsa_in));
208 zeromem(rsa_out, sizeof(rsa_out));
209 #endif
210 *outlen = y;
211 return CRYPT_OK;
212 }
213
214 int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
215 const unsigned char *md, int *stat, rsa_key *key)
216 {
217 unsigned long rsa_size, x, y, z;
218 unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
219 int err;
220
221 _ARGCHK(sig != NULL);
222 _ARGCHK(md != NULL);
223 _ARGCHK(stat != NULL);
224 _ARGCHK(key != NULL);
225
226 /* always be incorrect by default */
227 *stat = 0;
228
229 if (siglen < PACKET_SIZE+4) {
230 return CRYPT_INVALID_PACKET;
231 } else {
232 siglen -= PACKET_SIZE+4;
233 }
234
235 /* verify header */
236 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
237 return err;
238 }
239
240 /* get the len */
241 y = PACKET_SIZE;
242 LOAD32L(rsa_size, (sig+y));
243 if (siglen < rsa_size) {
244 return CRYPT_INVALID_PACKET;
245 } else {
246 siglen -= rsa_size;
247 }
248 y += 4;
249
250 /* exptmod it */
251 x = (unsigned long)sizeof(rsa_out);
252 if ((err = rsa_exptmod(sig+y, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
253 return err;
254 }
255 y += rsa_size;
256
257 /* depad it */
258 z = (unsigned long)sizeof(rsa_in);
259 if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
260 return err;
261 }
262
263 /* check? */
264 if (memcmp(rsa_in, md, (size_t)z) == 0) {
265 *stat = 1;
266 }
267
268 #ifdef CLEAN_STACK
269 zeromem(rsa_in, sizeof(rsa_in));
270 zeromem(rsa_out, sizeof(rsa_out));
271 #endif
272 return CRYPT_OK;
273 }
274