Mercurial > dropbear
view rsa.c @ 211:f01f0400314d libtomcrypt
disapproval of revision 6a39eb8b36778460fca83b8149df2a8b6d3327fd
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 06 Jul 2005 13:23:45 +0000 |
parents | d7da3b1e1540 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. * * Tom St Denis, [email protected], http://libtomcrypt.org */ /* RSA Code by Tom St Denis */ #include "mycrypt.h" #ifdef MRSA int rsa_signpad(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { unsigned long x, y; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); if (*outlen < (3 * inlen)) { return CRYPT_BUFFER_OVERFLOW; } /* check inlen */ if (inlen > MAX_RSA_SIZE/8) { return CRYPT_PK_INVALID_SIZE; } for (y = x = 0; x < inlen; x++) out[y++] = (unsigned char)0xFF; for (x = 0; x < inlen; x++) out[y++] = in[x]; for (x = 0; x < inlen; x++) out[y++] = (unsigned char)0xFF; *outlen = 3 * inlen; return CRYPT_OK; } int rsa_pad(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, int wprng, prng_state *prng) { unsigned char buf[3*(MAX_RSA_SIZE/8)]; unsigned long x; int err; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); /* is output big enough? */ if (*outlen < (3 * inlen)) { return CRYPT_BUFFER_OVERFLOW; } /* get random padding required */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } /* check inlen */ if (inlen > (MAX_RSA_SIZE/8)) { return CRYPT_PK_INVALID_SIZE; } if (prng_descriptor[wprng].read(buf, inlen*2-2, prng) != (inlen*2 - 2)) { return CRYPT_ERROR_READPRNG; } /* pad it like a sandwhich * * Looks like 0xFF R1 M R2 0xFF * * Where R1/R2 are random and exactly equal to the length of M minus one byte. */ for (x = 0; x < inlen-1; x++) { out[x+1] = buf[x]; } for (x = 0; x < inlen; x++) { out[x+inlen] = in[x]; } for (x = 0; x < inlen-1; x++) { out[x+inlen+inlen] = buf[x+inlen-1]; } /* last and first bytes are 0xFF */ out[0] = out[inlen+inlen+inlen-1] = (unsigned char)0xFF; /* clear up and return */ #ifdef CLEAN_STACK zeromem(buf, sizeof(buf)); #endif *outlen = inlen*3; return CRYPT_OK; } int rsa_signdepad(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { unsigned long x; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); if (*outlen < inlen/3) { return CRYPT_BUFFER_OVERFLOW; } /* check padding bytes */ for (x = 0; x < inlen/3; x++) { if (in[x] != (unsigned char)0xFF || in[x+(inlen/3)+(inlen/3)] != (unsigned char)0xFF) { return CRYPT_INVALID_PACKET; } } for (x = 0; x < inlen/3; x++) { out[x] = in[x+(inlen/3)]; } *outlen = inlen/3; return CRYPT_OK; } int rsa_depad(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { unsigned long x; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); if (*outlen < inlen/3) { return CRYPT_BUFFER_OVERFLOW; } for (x = 0; x < inlen/3; x++) { out[x] = in[x+(inlen/3)]; } *outlen = inlen/3; return CRYPT_OK; } int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) { unsigned long y, z; int err; _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* can we store the static header? */ if (*outlen < (PACKET_SIZE + 1)) { return CRYPT_BUFFER_OVERFLOW; } /* type valid? */ if (!(key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) && (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED)) { return CRYPT_PK_INVALID_TYPE; } /* start at offset y=PACKET_SIZE */ y = PACKET_SIZE; /* output key type */ out[y++] = type; /* output modulus */ OUTPUT_BIGNUM(&key->N, out, y, z); /* output public key */ OUTPUT_BIGNUM(&key->e, out, y, z); if (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED) { OUTPUT_BIGNUM(&key->d, out, y, z); } if (type == PK_PRIVATE_OPTIMIZED) { OUTPUT_BIGNUM(&key->dQ, out, y, z); OUTPUT_BIGNUM(&key->dP, out, y, z); OUTPUT_BIGNUM(&key->pQ, out, y, z); OUTPUT_BIGNUM(&key->qP, out, y, z); OUTPUT_BIGNUM(&key->p, out, y, z); OUTPUT_BIGNUM(&key->q, out, y, z); } /* store packet header */ packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_KEY); /* copy to the user buffer */ *outlen = y; /* clear stack and return */ return CRYPT_OK; } int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { unsigned long x, y; int err; _ARGCHK(in != NULL); _ARGCHK(key != NULL); /* check length */ if (inlen < (1+PACKET_SIZE)) { return CRYPT_INVALID_PACKET; } /* test packet header */ if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_KEY)) != CRYPT_OK) { return err; } /* init key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->pQ, &key->p, &key->q, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } /* get key type */ y = PACKET_SIZE; key->type = (int)in[y++]; /* load the modulus */ INPUT_BIGNUM(&key->N, in, x, y, inlen); /* load public exponent */ INPUT_BIGNUM(&key->e, in, x, y, inlen); /* get private exponent */ if (key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) { INPUT_BIGNUM(&key->d, in, x, y, inlen); } /* get CRT private data if required */ if (key->type == PK_PRIVATE_OPTIMIZED) { INPUT_BIGNUM(&key->dQ, in, x, y, inlen); INPUT_BIGNUM(&key->dP, in, x, y, inlen); INPUT_BIGNUM(&key->pQ, in, x, y, inlen); INPUT_BIGNUM(&key->qP, in, x, y, inlen); INPUT_BIGNUM(&key->p, in, x, y, inlen); INPUT_BIGNUM(&key->q, in, x, y, inlen); } /* free up ram not required */ if (key->type != PK_PRIVATE_OPTIMIZED) { mp_clear_multi(&key->dQ, &key->dP, &key->pQ, &key->qP, &key->p, &key->q, NULL); } if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { mp_clear(&key->d); } return CRYPT_OK; error: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->pQ, &key->qP, &key->p, &key->q, NULL); return err; } #include "rsa_sys.c" #endif /* RSA */