Branch data Line data Source code
1 : : /* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */
2 : : /*
3 : : * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 : : * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 : : * All rights reserved
6 : : *
7 : : * As far as I am concerned, the code I have written for this software
8 : : * can be used freely for any purpose. Any derived versions of this
9 : : * software must be clearly marked as such, and if the derived work is
10 : : * incompatible with the protocol description in the RFC file, it must be
11 : : * called by a name other than "ssh" or "Secure Shell".
12 : : *
13 : : *
14 : : * Copyright (c) 1999 Niels Provos. All rights reserved.
15 : : *
16 : : * Redistribution and use in source and binary forms, with or without
17 : : * modification, are permitted provided that the following conditions
18 : : * are met:
19 : : * 1. Redistributions of source code must retain the above copyright
20 : : * notice, this list of conditions and the following disclaimer.
21 : : * 2. Redistributions in binary form must reproduce the above copyright
22 : : * notice, this list of conditions and the following disclaimer in the
23 : : * documentation and/or other materials provided with the distribution.
24 : : *
25 : : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 : : * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 : : * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 : : * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 : : * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 : : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 : : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 : : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 : : * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 : : *
36 : : *
37 : : * Description of the RSA algorithm can be found e.g. from the following
38 : : * sources:
39 : : *
40 : : * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
41 : : *
42 : : * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
43 : : * Computer Security. Prentice-Hall, 1989.
44 : : *
45 : : * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
46 : : * 1994.
47 : : *
48 : : * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
49 : : * System and Method. US Patent 4,405,829, 1983.
50 : : *
51 : : * Hans Riesel: Prime Numbers and Computer Methods for Factorization.
52 : : * Birkhauser, 1994.
53 : : *
54 : : * The RSA Frequently Asked Questions document by RSA Data Security,
55 : : * Inc., 1995.
56 : : *
57 : : * RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as
58 : : * included below:
59 : : *
60 : : * [gone - had to be deleted - what a pity]
61 : : */
62 : :
63 : : #include "includes.h"
64 : :
65 : : #include <sys/types.h>
66 : :
67 : : #include <stdarg.h>
68 : : #include <string.h>
69 : :
70 : : #include "xmalloc.h"
71 : : #include "rsa.h"
72 : : #include "log.h"
73 : :
74 : : void
75 : 226 : rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
76 : : {
77 : : u_char *inbuf, *outbuf;
78 : : int len, ilen, olen;
79 : :
80 [ + - ][ + - ]: 226 : if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
[ - + ]
81 : 0 : fatal("rsa_public_encrypt() exponent too small or not odd");
82 : :
83 : 226 : olen = BN_num_bytes(key->n);
84 : 226 : outbuf = xmalloc(olen);
85 : :
86 : 226 : ilen = BN_num_bytes(in);
87 : 226 : inbuf = xmalloc(ilen);
88 : 226 : BN_bn2bin(in, inbuf);
89 : :
90 [ - + ]: 226 : if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
91 : : RSA_PKCS1_PADDING)) <= 0)
92 : 0 : fatal("rsa_public_encrypt() failed");
93 : :
94 [ - + ]: 226 : if (BN_bin2bn(outbuf, len, out) == NULL)
95 : 0 : fatal("rsa_public_encrypt: BN_bin2bn failed");
96 : :
97 : 226 : explicit_bzero(outbuf, olen);
98 : 226 : explicit_bzero(inbuf, ilen);
99 : 226 : free(outbuf);
100 : 226 : free(inbuf);
101 : 226 : }
102 : :
103 : : int
104 : 265 : rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
105 : : {
106 : : u_char *inbuf, *outbuf;
107 : : int len, ilen, olen;
108 : :
109 : 265 : olen = BN_num_bytes(key->n);
110 : 265 : outbuf = xmalloc(olen);
111 : :
112 : 265 : ilen = BN_num_bytes(in);
113 : 265 : inbuf = xmalloc(ilen);
114 : 265 : BN_bn2bin(in, inbuf);
115 : :
116 [ - + ]: 265 : if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
117 : : RSA_PKCS1_PADDING)) <= 0) {
118 : 0 : error("rsa_private_decrypt() failed");
119 : : } else {
120 [ - + ]: 265 : if (BN_bin2bn(outbuf, len, out) == NULL)
121 : 0 : fatal("rsa_private_decrypt: BN_bin2bn failed");
122 : : }
123 : 265 : explicit_bzero(outbuf, olen);
124 : 265 : explicit_bzero(inbuf, ilen);
125 : 265 : free(outbuf);
126 : 265 : free(inbuf);
127 : 265 : return len;
128 : : }
129 : :
130 : : /* calculate p-1 and q-1 */
131 : : void
132 : 1580 : rsa_generate_additional_parameters(RSA *rsa)
133 : : {
134 : : BIGNUM *aux;
135 : : BN_CTX *ctx;
136 : :
137 [ - + ]: 1580 : if ((aux = BN_new()) == NULL)
138 : 0 : fatal("rsa_generate_additional_parameters: BN_new failed");
139 [ - + ]: 1580 : if ((ctx = BN_CTX_new()) == NULL)
140 : 0 : fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
141 : :
142 [ + - + - ]: 3160 : if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
143 [ + - ]: 3160 : (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
144 [ - + ]: 3160 : (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
145 : 1580 : (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
146 : 0 : fatal("rsa_generate_additional_parameters: BN_sub/mod failed");
147 : :
148 : 1580 : BN_clear_free(aux);
149 : 1580 : BN_CTX_free(ctx);
150 : 1580 : }
151 : :
|