Mercurial > dropbear
view libtomcrypt/notes/tech0006.txt @ 340:454a34b2dfd1
Fixes from Erik Hovland:
cli-authpubkey.c:
fix leak of keybuf
cli-kex.c:
fix leak of fingerprint fp
cli-service.c:
remove commented out code
dropbearkey.c:
don't attepmt to free NULL key on failure
common-kex.c:
only free key if it is initialised
keyimport.c:
remove dead encrypted-key code
don't leak a FILE* loading OpenSSH keys
rsa.c, dss.c:
check return values for some libtommath functions
svr-kex.c:
check return value retrieving DH kex mpint
svr-tcpfwd.c:
fix null-dereference if remote tcp forward request fails
tcp-accept.c:
don't incorrectly free the tcpinfo var
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 07 Jul 2006 09:17:18 +0000 |
| parents | 1b9e69c058d2 |
| children |
line wrap: on
line source
Tech Note 0006 PK Standards Compliance Tom St Denis RSA ---- PKCS #1 compliance. Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1 Encryption: OAEP as per PKCS #1 Signature : PSS as per PKCS #1 DSA ---- The NIST DSA algorithm Key Format: HomeBrew [see below] Signature : ANSI X9.62 format [see below]. Keys are stored as DSAPublicKey ::= SEQUENCE { publicFlags BIT STRING(1), -- must be 0 g INTEGER , -- base generator, check that g^q mod p == 1 -- and that 1 < g < p - 1 p INTEGER , -- prime modulus q INTEGER , -- order of sub-group (must be prime) y INTEGER , -- public key, specifically, g^x mod p, -- check that y^q mod p == 1 -- and that 1 < y < p - 1 } DSAPrivateKey ::= SEQUENCE { publicFlags BIT STRING(1), -- must be 1 g INTEGER , -- base generator, check that g^q mod p == 1 -- and that 1 < g < p - 1 p INTEGER , -- prime modulus q INTEGER , -- order of sub-group (must be prime) y INTEGER , -- public key, specifically, g^x mod p, -- check that y^q mod p == 1 -- and that 1 < y < p - 1 x INTEGER -- private key } Signatures are stored as DSASignature ::= SEQUENCE { r, s INTEGER -- signature parameters } ECC ---- The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves. Key Format : Homebrew [see below, only GF(p) NIST curves supported] Signature : X9.62 compliant Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey] Shared Secret: X9.63 compliant ECCPublicKey ::= SEQUENCE { flags BIT STRING(1), -- public/private flag (always zero), keySize INTEGER, -- Curve size (in bits) divided by eight -- and rounded down, e.g. 521 => 65 pubkey.x INTEGER, -- The X co-ordinate of the public key point pubkey.y INTEGER, -- The Y co-ordinate of the public key point } ECCPrivateKey ::= SEQUENCE { flags BIT STRING(1), -- public/private flag (always one), keySize INTEGER, -- Curve size (in bits) divided by eight -- and rounded down, e.g. 521 => 65 pubkey.x INTEGER, -- The X co-ordinate of the public key point pubkey.y INTEGER, -- The Y co-ordinate of the public key point secret.k INTEGER, -- The secret key scalar } The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size of the hash digest]. The format of the encrypted text is as follows ECCEncrypted ::= SEQUENCE { hashOID OBJECT IDENTIFIER, -- The OID of the hash used pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against) } % $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $ % $Revision: 1.2 $ % $Date: 2005/06/18 02:26:27 $