![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to r_enhanc.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / rsaref / source|
Return to r_enhanc.c CVS log | Up to [PGP] / pgp / rsaref / source |
1.1 ! root 1: /* R_ENHANC.C - cryptographic enhancements for RSAREF ! 2: */ ! 3: ! 4: /* Copyright (C) RSA Laboratories, a division of RSA Data Security, ! 5: Inc., created 1991. All rights reserved. ! 6: */ ! 7: ! 8: #include "global.h" ! 9: #include "rsaref.h" ! 10: #include "r_random.h" ! 11: #include "rsa.h" ! 12: ! 13: /* DigestInfo encoding is DIGEST_INFO_A, then 2 or 5 (for MD2/MD5), ! 14: then DIGEST_INFO_B, then 16-byte message digest. ! 15: */ ! 16: ! 17: static unsigned char DIGEST_INFO_A[] = { ! 18: 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, ! 19: 0x0d, 0x02 ! 20: }; ! 21: #define DIGEST_INFO_A_LEN sizeof (DIGEST_INFO_A) ! 22: ! 23: static unsigned char DIGEST_INFO_B[] = { 0x05, 0x00, 0x04, 0x10 }; ! 24: #define DIGEST_INFO_B_LEN sizeof (DIGEST_INFO_B) ! 25: ! 26: #define DIGEST_INFO_LEN (DIGEST_INFO_A_LEN + 1 + DIGEST_INFO_B_LEN + 16) ! 27: ! 28: static unsigned char *PADDING[] = { ! 29: (unsigned char *)"", (unsigned char *)"\001", (unsigned char *)"\002\002", ! 30: (unsigned char *)"\003\003\003", (unsigned char *)"\004\004\004\004", ! 31: (unsigned char *)"\005\005\005\005\005", ! 32: (unsigned char *)"\006\006\006\006\006\006", ! 33: (unsigned char *)"\007\007\007\007\007\007\007", ! 34: (unsigned char *)"\010\010\010\010\010\010\010\010" ! 35: }; ! 36: ! 37: #define MAX_ENCRYPTED_KEY_LEN MAX_RSA_MODULUS_LEN ! 38: ! 39: static void R_EncodeDigestInfo PROTO_LIST ! 40: ((unsigned char *, int, unsigned char *)); ! 41: static void EncryptPEMUpdateFinal PROTO_LIST ! 42: ((R_ENVELOPE_CTX *, unsigned char *, unsigned int *, unsigned char *, ! 43: unsigned int)); ! 44: static int DecryptPEMUpdateFinal PROTO_LIST ! 45: ((R_ENVELOPE_CTX *, unsigned char *, unsigned int *, unsigned char *, ! 46: unsigned int)); ! 47: static int CipherInit PROTO_LIST ! 48: ((R_ENVELOPE_CTX *, int, unsigned char *, unsigned char *, int)); ! 49: static void CipherUpdate PROTO_LIST ! 50: ((R_ENVELOPE_CTX *, unsigned char *, unsigned char *, unsigned int)); ! 51: static void CipherRestart PROTO_LIST ((R_ENVELOPE_CTX *)); ! 52: ! 53: int R_DigestInit (context, digestAlgorithm) ! 54: R_DIGEST_CTX *context; /* new context */ ! 55: int digestAlgorithm; /* message-digest algorithm */ ! 56: { ! 57: context->digestAlgorithm = digestAlgorithm; ! 58: ! 59: switch (digestAlgorithm) { ! 60: case DA_MD2: ! 61: MD2Init (&context->context.md2); ! 62: break; ! 63: ! 64: case DA_MD5: ! 65: MD5Init (&context->context.md5); ! 66: break; ! 67: ! 68: default: ! 69: return (RE_DIGEST_ALGORITHM); ! 70: } ! 71: ! 72: return (0); ! 73: } ! 74: ! 75: int R_DigestUpdate (context, partIn, partInLen) ! 76: R_DIGEST_CTX *context; /* context */ ! 77: unsigned char *partIn; /* next data part */ ! 78: unsigned int partInLen; /* length of next data part */ ! 79: { ! 80: if (context->digestAlgorithm == DA_MD2) ! 81: MD2Update (&context->context.md2, partIn, partInLen); ! 82: else ! 83: MD5Update (&context->context.md5, partIn, partInLen); ! 84: return (0); ! 85: } ! 86: ! 87: int R_DigestFinal (context, digest, digestLen) ! 88: R_DIGEST_CTX *context; /* context */ ! 89: unsigned char *digest; /* message digest */ ! 90: unsigned int *digestLen; /* length of message digest */ ! 91: { ! 92: *digestLen = 16; ! 93: if (context->digestAlgorithm == DA_MD2) ! 94: MD2Final (digest, &context->context.md2); ! 95: else ! 96: MD5Final (digest, &context->context.md5); ! 97: ! 98: return (0); ! 99: } ! 100: ! 101: int R_SignInit (context, digestAlgorithm) ! 102: R_SIGNATURE_CTX *context; /* new context */ ! 103: int digestAlgorithm; /* message-digest algorithm */ ! 104: { ! 105: return (R_DigestInit (&context->digestContext, digestAlgorithm)); ! 106: } ! 107: ! 108: int R_SignUpdate (context, partIn, partInLen) ! 109: R_SIGNATURE_CTX *context; /* context */ ! 110: unsigned char *partIn; /* next data part */ ! 111: unsigned int partInLen; /* length of next data part */ ! 112: { ! 113: return (R_DigestUpdate (&context->digestContext, partIn, partInLen)); ! 114: } ! 115: ! 116: int R_SignFinal (context, signature, signatureLen, privateKey) ! 117: R_SIGNATURE_CTX *context; /* context */ ! 118: unsigned char *signature; /* signature */ ! 119: unsigned int *signatureLen; /* length of signature */ ! 120: R_RSA_PRIVATE_KEY *privateKey; /* signer's RSA private key */ ! 121: { ! 122: int status; ! 123: unsigned char digest[MAX_DIGEST_LEN], digestInfo[DIGEST_INFO_LEN]; ! 124: unsigned int digestLen; ! 125: ! 126: do { ! 127: if ((status = R_DigestFinal (&context->digestContext, digest, &digestLen)) ! 128: != 0) ! 129: break; ! 130: ! 131: R_EncodeDigestInfo ! 132: (digestInfo, context->digestContext.digestAlgorithm, digest); ! 133: ! 134: if (RSAPrivateEncrypt ! 135: (signature, signatureLen, digestInfo, DIGEST_INFO_LEN, privateKey) ! 136: != 0) { ! 137: status = RE_PRIVATE_KEY; ! 138: break; ! 139: } ! 140: ! 141: /* Reset for another verification. Assume Init won't fail */ ! 142: R_DigestInit ! 143: (&context->digestContext, context->digestContext.digestAlgorithm); ! 144: } while (0); ! 145: ! 146: /* Zeroize potentially sensitive information. ! 147: */ ! 148: R_memset ((POINTER)digest, 0, sizeof (digest)); ! 149: R_memset ((POINTER)digestInfo, 0, sizeof (digestInfo)); ! 150: ! 151: return (status); ! 152: } ! 153: ! 154: int R_VerifyInit (context, digestAlgorithm) ! 155: R_SIGNATURE_CTX *context; /* new context */ ! 156: int digestAlgorithm; /* message-digest algorithm */ ! 157: { ! 158: return (R_DigestInit (&context->digestContext, digestAlgorithm)); ! 159: } ! 160: ! 161: int R_VerifyUpdate (context, partIn, partInLen) ! 162: R_SIGNATURE_CTX *context; /* context */ ! 163: unsigned char *partIn; /* next data part */ ! 164: unsigned int partInLen; /* length of next data part */ ! 165: { ! 166: return (R_DigestUpdate (&context->digestContext, partIn, partInLen)); ! 167: } ! 168: ! 169: int R_VerifyFinal (context, signature, signatureLen, publicKey) ! 170: R_SIGNATURE_CTX *context; /* context */ ! 171: unsigned char *signature; /* signature */ ! 172: unsigned int signatureLen; /* length of signature */ ! 173: R_RSA_PUBLIC_KEY *publicKey; /* signer's RSA public key */ ! 174: { ! 175: int status; ! 176: unsigned char digest[MAX_DIGEST_LEN], digestInfo[DIGEST_INFO_LEN], ! 177: originalDigestInfo[MAX_SIGNATURE_LEN]; ! 178: unsigned int originalDigestInfoLen, digestLen; ! 179: ! 180: if (signatureLen > MAX_SIGNATURE_LEN) ! 181: return (RE_LEN); ! 182: ! 183: status = 0; ! 184: do { ! 185: if ((status = R_DigestFinal (&context->digestContext, digest, &digestLen)) ! 186: != 0) ! 187: break; ! 188: ! 189: R_EncodeDigestInfo ! 190: (digestInfo, context->digestContext.digestAlgorithm, digest); ! 191: ! 192: if (RSAPublicDecrypt ! 193: (originalDigestInfo, &originalDigestInfoLen, signature, signatureLen, ! 194: publicKey) != 0) { ! 195: status = RE_PUBLIC_KEY; ! 196: break; ! 197: } ! 198: ! 199: if ((originalDigestInfoLen != DIGEST_INFO_LEN) || ! 200: (R_memcmp ! 201: ((POINTER)originalDigestInfo, (POINTER)digestInfo, ! 202: DIGEST_INFO_LEN))) { ! 203: status = RE_SIGNATURE; ! 204: break; ! 205: } ! 206: ! 207: /* Reset for another verification. Assume Init won't fail */ ! 208: R_DigestInit ! 209: (&context->digestContext, context->digestContext.digestAlgorithm); ! 210: } while (0); ! 211: ! 212: /* Zeroize potentially sensitive information. ! 213: */ ! 214: R_memset ((POINTER)digest, 0, sizeof (digest)); ! 215: R_memset ((POINTER)digestInfo, 0, sizeof (digestInfo)); ! 216: R_memset ((POINTER)originalDigestInfo, 0, sizeof (originalDigestInfo)); ! 217: ! 218: return (status); ! 219: } ! 220: ! 221: /* Caller must ASCII recode the encrypted keys if desired. ! 222: */ ! 223: int R_SealInit ! 224: (context, encryptedKeys, encryptedKeyLens, iv, publicKeyCount, publicKeys, ! 225: encryptionAlgorithm, randomStruct) ! 226: R_ENVELOPE_CTX *context; /* new context */ ! 227: unsigned char **encryptedKeys; /* encrypted keys */ ! 228: unsigned int *encryptedKeyLens; /* lengths of encrypted keys */ ! 229: unsigned char iv[8]; /* initialization vector */ ! 230: unsigned int publicKeyCount; /* number of public keys */ ! 231: R_RSA_PUBLIC_KEY **publicKeys; /* public keys */ ! 232: int encryptionAlgorithm; /* data encryption algorithm */ ! 233: R_RANDOM_STRUCT *randomStruct; /* random structure */ ! 234: { ! 235: int status; ! 236: unsigned char key[24]; ! 237: unsigned int keyLen, i; ! 238: ! 239: do { ! 240: context->encryptionAlgorithm = encryptionAlgorithm; ! 241: ! 242: keyLen = (encryptionAlgorithm == EA_DES_CBC) ? 8 : 24; ! 243: if ((status = R_GenerateBytes (key, keyLen, randomStruct)) != 0) ! 244: break; ! 245: if ((status = R_GenerateBytes (iv, 8, randomStruct)) != 0) ! 246: break; ! 247: ! 248: if (encryptionAlgorithm == EA_DES_EDE2_CBC) ! 249: /* Make both E keys the same */ ! 250: R_memcpy ((POINTER)(key + 16), (POINTER)key, 8); ! 251: ! 252: if ((status = CipherInit (context, encryptionAlgorithm, key, iv, 1)) != 0) ! 253: break; ! 254: ! 255: for (i = 0; i < publicKeyCount; ++i) { ! 256: if (RSAPublicEncrypt ! 257: (encryptedKeys[i], &encryptedKeyLens[i], key, keyLen, ! 258: publicKeys[i], randomStruct)) { ! 259: status = RE_PUBLIC_KEY; ! 260: break; ! 261: } ! 262: } ! 263: if (status != 0) ! 264: break; ! 265: ! 266: context->bufferLen = 0; ! 267: } while (0); ! 268: ! 269: /* Zeroize sensitive information. ! 270: */ ! 271: R_memset ((POINTER)key, 0, sizeof (key)); ! 272: ! 273: return (status); ! 274: } ! 275: ! 276: /* Assume partOut buffer is at least partInLen + 7, since this may flush ! 277: buffered input. ! 278: */ ! 279: int R_SealUpdate (context, partOut, partOutLen, partIn, partInLen) ! 280: R_ENVELOPE_CTX *context; /* context */ ! 281: unsigned char *partOut; /* next encrypted data part */ ! 282: unsigned int *partOutLen; /* length of next encrypted data part */ ! 283: unsigned char *partIn; /* next data part */ ! 284: unsigned int partInLen; /* length of next data part */ ! 285: { ! 286: unsigned int tempLen; ! 287: ! 288: tempLen = 8 - context->bufferLen; ! 289: if (partInLen < tempLen) { ! 290: /* Just accumulate into buffer. ! 291: */ ! 292: R_memcpy ! 293: ((POINTER)(context->buffer + context->bufferLen), (POINTER)partIn, ! 294: partInLen); ! 295: context->bufferLen += partInLen; ! 296: *partOutLen = 0; ! 297: return (0); ! 298: } ! 299: ! 300: /* Fill the buffer and encrypt. ! 301: */ ! 302: R_memcpy ! 303: ((POINTER)(context->buffer + context->bufferLen), (POINTER)partIn, ! 304: tempLen); ! 305: CipherUpdate (context, partOut, context->buffer, 8); ! 306: partIn += tempLen; ! 307: partInLen -= tempLen; ! 308: partOut += 8; ! 309: *partOutLen = 8; ! 310: ! 311: /* Encrypt as many 8-byte blocks as possible. ! 312: */ ! 313: tempLen = 8 * (partInLen / 8); ! 314: CipherUpdate (context, partOut, partIn, tempLen); ! 315: partIn += tempLen; ! 316: partInLen -= tempLen; ! 317: *partOutLen += tempLen; ! 318: ! 319: /* Length is now less than 8, so copy remainder to buffer. ! 320: */ ! 321: R_memcpy ! 322: ((POINTER)context->buffer, (POINTER)partIn, ! 323: context->bufferLen = partInLen); ! 324: ! 325: return (0); ! 326: } ! 327: ! 328: /* Assume partOut buffer is at least 8 bytes. ! 329: */ ! 330: int R_SealFinal (context, partOut, partOutLen) ! 331: R_ENVELOPE_CTX *context; /* context */ ! 332: unsigned char *partOut; /* last encrypted data part */ ! 333: unsigned int *partOutLen; /* length of last encrypted data part */ ! 334: { ! 335: unsigned int padLen; ! 336: ! 337: /* Pad and encrypt final block. ! 338: */ ! 339: padLen = 8 - context->bufferLen; ! 340: R_memset ! 341: ((POINTER)(context->buffer + context->bufferLen), (int)padLen, padLen); ! 342: CipherUpdate (context, partOut, context->buffer, 8); ! 343: *partOutLen = 8; ! 344: ! 345: /* Restart the context. ! 346: */ ! 347: CipherRestart (context); ! 348: context->bufferLen = 0; ! 349: ! 350: return (0); ! 351: } ! 352: ! 353: /* Assume caller has already ASCII decoded the encryptedKey if necessary. ! 354: */ ! 355: int R_OpenInit ! 356: (context, encryptionAlgorithm, encryptedKey, encryptedKeyLen, iv, privateKey) ! 357: R_ENVELOPE_CTX *context; /* new context */ ! 358: int encryptionAlgorithm; /* data encryption algorithm */ ! 359: unsigned char *encryptedKey; /* encrypted data encryption key */ ! 360: unsigned int encryptedKeyLen; /* length of encrypted key */ ! 361: unsigned char iv[8]; /* initialization vector */ ! 362: R_RSA_PRIVATE_KEY *privateKey; /* recipient's RSA private key */ ! 363: { ! 364: int status; ! 365: unsigned char key[MAX_ENCRYPTED_KEY_LEN]; ! 366: unsigned int keyLen; ! 367: ! 368: if (encryptedKeyLen > MAX_ENCRYPTED_KEY_LEN) ! 369: return (RE_LEN); ! 370: ! 371: do { ! 372: context->encryptionAlgorithm = encryptionAlgorithm; ! 373: ! 374: if (RSAPrivateDecrypt ! 375: (key, &keyLen, encryptedKey, encryptedKeyLen, privateKey)) { ! 376: status = RE_PRIVATE_KEY; ! 377: break; ! 378: } ! 379: ! 380: if (encryptionAlgorithm == EA_DES_CBC) { ! 381: if (keyLen != 8) { ! 382: status = RE_PRIVATE_KEY; ! 383: break; ! 384: } ! 385: } ! 386: else { ! 387: if (keyLen != 24) { ! 388: status = RE_PRIVATE_KEY; ! 389: break; ! 390: } ! 391: } ! 392: ! 393: if ((status = CipherInit (context, encryptionAlgorithm, key, iv, 0)) != 0) ! 394: break; ! 395: ! 396: context->bufferLen = 0; ! 397: } while (0); ! 398: ! 399: /* Zeroize sensitive information. ! 400: */ ! 401: R_memset ((POINTER)key, 0, sizeof (key)); ! 402: ! 403: return (status); ! 404: } ! 405: ! 406: /* Assume partOut buffer is at least partInLen + 7, since this may flush ! 407: buffered input. Always leaves at least one byte in buffer. ! 408: */ ! 409: int R_OpenUpdate (context, partOut, partOutLen, partIn, partInLen) ! 410: R_ENVELOPE_CTX *context; /* context */ ! 411: unsigned char *partOut; /* next recovered data part */ ! 412: unsigned int *partOutLen; /* length of next recovered data part */ ! 413: unsigned char *partIn; /* next encrypted data part */ ! 414: unsigned int partInLen; /* length of next encrypted data part */ ! 415: { ! 416: unsigned int tempLen; ! 417: ! 418: tempLen = 8 - context->bufferLen; ! 419: if (partInLen <= tempLen) { ! 420: /* Just accumulate into buffer. ! 421: */ ! 422: R_memcpy ! 423: ((POINTER)(context->buffer + context->bufferLen), (POINTER)partIn, ! 424: partInLen); ! 425: context->bufferLen += partInLen; ! 426: *partOutLen = 0; ! 427: return (0); ! 428: } ! 429: ! 430: /* Fill the buffer and decrypt. We know that there will be more left ! 431: in partIn after decrypting the buffer. ! 432: */ ! 433: R_memcpy ! 434: ((POINTER)(context->buffer + context->bufferLen), (POINTER)partIn, ! 435: tempLen); ! 436: CipherUpdate (context, partOut, context->buffer, 8); ! 437: partIn += tempLen; ! 438: partInLen -= tempLen; ! 439: partOut += 8; ! 440: *partOutLen = 8; ! 441: ! 442: /* Decrypt as many 8 byte blocks as possible, leaving at least one byte ! 443: in partIn. ! 444: */ ! 445: tempLen = 8 * ((partInLen - 1) / 8); ! 446: CipherUpdate (context, partOut, partIn, tempLen); ! 447: partIn += tempLen; ! 448: partInLen -= tempLen; ! 449: *partOutLen += tempLen; ! 450: ! 451: /* Length is between 1 and 8, so copy into buffer. ! 452: */ ! 453: R_memcpy ! 454: ((POINTER)context->buffer, (POINTER)partIn, ! 455: context->bufferLen = partInLen); ! 456: ! 457: return (0); ! 458: } ! 459: ! 460: /* Assume partOut buffer is at least 7 bytes. ! 461: */ ! 462: int R_OpenFinal (context, partOut, partOutLen) ! 463: R_ENVELOPE_CTX *context; /* context */ ! 464: unsigned char *partOut; /* last recovered data part */ ! 465: unsigned int *partOutLen; /* length of last recovered data part */ ! 466: { ! 467: int status; ! 468: unsigned char lastPart[8]; ! 469: unsigned int padLen; ! 470: ! 471: status = 0; ! 472: do { ! 473: if (context->bufferLen == 0) ! 474: /* There was no input data to decrypt */ ! 475: *partOutLen = 0; ! 476: else { ! 477: if (context->bufferLen != 8) { ! 478: status = RE_KEY; ! 479: break; ! 480: } ! 481: ! 482: /* Decrypt and strip padding from final block which is in buffer. ! 483: */ ! 484: CipherUpdate (context, lastPart, context->buffer, 8); ! 485: ! 486: padLen = lastPart[7]; ! 487: if (padLen == 0 || padLen > 8) { ! 488: status = RE_KEY; ! 489: break; ! 490: } ! 491: if (R_memcmp ! 492: ((POINTER)&lastPart[8 - padLen], PADDING[padLen], padLen) != 0) { ! 493: status = RE_KEY; ! 494: break; ! 495: } ! 496: ! 497: R_memcpy ((POINTER)partOut, (POINTER)lastPart, *partOutLen = 8 - padLen); ! 498: } ! 499: ! 500: /* Restart the context. ! 501: */ ! 502: CipherRestart (context); ! 503: context->bufferLen = 0; ! 504: } while (0); ! 505: ! 506: /* Zeroize sensitive information. ! 507: */ ! 508: R_memset ((POINTER)lastPart, 0, sizeof (lastPart)); ! 509: ! 510: return (status); ! 511: } ! 512: ! 513: int R_SignPEMBlock ! 514: (encodedContent, encodedContentLen, encodedSignature, encodedSignatureLen, ! 515: content, contentLen, recode, digestAlgorithm, privateKey) ! 516: unsigned char *encodedContent; /* encoded content */ ! 517: unsigned int *encodedContentLen; /* length of encoded content */ ! 518: unsigned char *encodedSignature; /* encoded signature */ ! 519: unsigned int *encodedSignatureLen; /* length of encoded signature */ ! 520: unsigned char *content; /* content */ ! 521: unsigned int contentLen; /* length of content */ ! 522: int recode; /* recoding flag */ ! 523: int digestAlgorithm; /* message-digest algorithm */ ! 524: R_RSA_PRIVATE_KEY *privateKey; /* signer's RSA private key */ ! 525: { ! 526: int status; ! 527: unsigned char signature[MAX_SIGNATURE_LEN]; ! 528: unsigned int signatureLen; ! 529: ! 530: if ((status = R_SignBlock ! 531: (signature, &signatureLen, content, contentLen, digestAlgorithm, ! 532: privateKey)) != 0) ! 533: return (status); ! 534: ! 535: R_EncodePEMBlock ! 536: (encodedSignature, encodedSignatureLen, signature, signatureLen); ! 537: ! 538: if (recode) ! 539: R_EncodePEMBlock ! 540: (encodedContent, encodedContentLen, content, contentLen); ! 541: ! 542: return (0); ! 543: } ! 544: ! 545: int R_SignBlock ! 546: (signature, signatureLen, block, blockLen, digestAlgorithm, privateKey) ! 547: unsigned char *signature; /* signature */ ! 548: unsigned int *signatureLen; /* length of signature */ ! 549: unsigned char *block; /* block */ ! 550: unsigned int blockLen; /* length of block */ ! 551: int digestAlgorithm; /* message-digest algorithm */ ! 552: R_RSA_PRIVATE_KEY *privateKey; /* signer's RSA private key */ ! 553: { ! 554: R_SIGNATURE_CTX context; ! 555: int status; ! 556: ! 557: do { ! 558: if ((status = R_SignInit (&context, digestAlgorithm)) != 0) ! 559: break; ! 560: if ((status = R_SignUpdate (&context, block, blockLen)) != 0) ! 561: break; ! 562: if ((status = R_SignFinal (&context, signature, signatureLen, privateKey)) ! 563: != 0) ! 564: break; ! 565: } while (0); ! 566: ! 567: /* Zeroize sensitive information. */ ! 568: R_memset ((POINTER)&context, 0, sizeof (context)); ! 569: ! 570: return (status); ! 571: } ! 572: ! 573: int R_VerifyPEMSignature ! 574: (content, contentLen, encodedContent, encodedContentLen, encodedSignature, ! 575: encodedSignatureLen, recode, digestAlgorithm, publicKey) ! 576: unsigned char *content; /* content */ ! 577: unsigned int *contentLen; /* length of content */ ! 578: unsigned char *encodedContent; /* (possibly) encoded content */ ! 579: unsigned int encodedContentLen; /* length of encoded content */ ! 580: unsigned char *encodedSignature; /* encoded signature */ ! 581: unsigned int encodedSignatureLen; /* length of encoded signature */ ! 582: int recode; /* recoding flag */ ! 583: int digestAlgorithm; /* message-digest algorithm */ ! 584: R_RSA_PUBLIC_KEY *publicKey; /* signer's RSA public key */ ! 585: { ! 586: unsigned char signature[MAX_SIGNATURE_LEN]; ! 587: unsigned int signatureLen; ! 588: ! 589: if (encodedSignatureLen > MAX_PEM_SIGNATURE_LEN) ! 590: return (RE_SIGNATURE_ENCODING); ! 591: ! 592: if (recode) { ! 593: if (R_DecodePEMBlock ! 594: (content, contentLen, encodedContent, encodedContentLen)) ! 595: return (RE_CONTENT_ENCODING); ! 596: } ! 597: else { ! 598: content = encodedContent; ! 599: *contentLen = encodedContentLen; ! 600: } ! 601: ! 602: if (R_DecodePEMBlock ! 603: (signature, &signatureLen, encodedSignature, encodedSignatureLen)) ! 604: return (RE_SIGNATURE_ENCODING); ! 605: ! 606: return (R_VerifyBlockSignature ! 607: (content, *contentLen, signature, signatureLen, digestAlgorithm, ! 608: publicKey)); ! 609: } ! 610: ! 611: int R_VerifyBlockSignature ! 612: (block, blockLen, signature, signatureLen, digestAlgorithm, publicKey) ! 613: unsigned char *block; /* block */ ! 614: unsigned int blockLen; /* length of block */ ! 615: unsigned char *signature; /* signature */ ! 616: unsigned int signatureLen; /* length of signature */ ! 617: int digestAlgorithm; /* message-digest algorithm */ ! 618: R_RSA_PUBLIC_KEY *publicKey; /* signer's RSA public key */ ! 619: { ! 620: R_SIGNATURE_CTX context; ! 621: int status; ! 622: ! 623: do { ! 624: if ((status = R_VerifyInit (&context, digestAlgorithm)) != 0) ! 625: break; ! 626: if ((status = R_VerifyUpdate (&context, block, blockLen)) != 0) ! 627: break; ! 628: if ((status = R_VerifyFinal (&context, signature, signatureLen, publicKey)) ! 629: != 0) ! 630: break; ! 631: } while (0); ! 632: ! 633: /* Zeroize sensitive information. */ ! 634: R_memset ((POINTER)&context, 0, sizeof (context)); ! 635: ! 636: return (status); ! 637: } ! 638: ! 639: int R_SealPEMBlock ! 640: (encryptedContent, encryptedContentLen, encryptedKey, encryptedKeyLen, ! 641: encryptedSignature, encryptedSignatureLen, iv, content, contentLen, ! 642: digestAlgorithm, publicKey, privateKey, randomStruct) ! 643: unsigned char *encryptedContent; /* encoded, encrypted content */ ! 644: unsigned int *encryptedContentLen; /* length */ ! 645: unsigned char *encryptedKey; /* encoded, encrypted key */ ! 646: unsigned int *encryptedKeyLen; /* length */ ! 647: unsigned char *encryptedSignature; /* encoded, encrypted signature */ ! 648: unsigned int *encryptedSignatureLen; /* length */ ! 649: unsigned char iv[8]; /* DES initialization vector */ ! 650: unsigned char *content; /* content */ ! 651: unsigned int contentLen; /* length of content */ ! 652: int digestAlgorithm; /* message-digest algorithms */ ! 653: R_RSA_PUBLIC_KEY *publicKey; /* recipient's RSA public key */ ! 654: R_RSA_PRIVATE_KEY *privateKey; /* signer's RSA private key */ ! 655: R_RANDOM_STRUCT *randomStruct; /* random structure */ ! 656: { ! 657: R_ENVELOPE_CTX context; ! 658: R_RSA_PUBLIC_KEY *publicKeys[1]; ! 659: int status; ! 660: unsigned char encryptedKeyBlock[MAX_ENCRYPTED_KEY_LEN], ! 661: signature[MAX_SIGNATURE_LEN], *encryptedKeys[1]; ! 662: unsigned int signatureLen, encryptedKeyBlockLen; ! 663: ! 664: do { ! 665: if ((status = R_SignBlock ! 666: (signature, &signatureLen, content, contentLen, digestAlgorithm, ! 667: privateKey)) != 0) ! 668: break; ! 669: ! 670: publicKeys[0] = publicKey; ! 671: encryptedKeys[0] = encryptedKeyBlock; ! 672: if ((status = R_SealInit ! 673: (&context, encryptedKeys, &encryptedKeyBlockLen, iv, 1, publicKeys, ! 674: EA_DES_CBC, randomStruct)) != 0) ! 675: break; ! 676: ! 677: R_EncodePEMBlock ! 678: (encryptedKey, encryptedKeyLen, encryptedKeyBlock, ! 679: encryptedKeyBlockLen); ! 680: ! 681: EncryptPEMUpdateFinal ! 682: (&context, encryptedContent, encryptedContentLen, content, ! 683: contentLen); ! 684: ! 685: EncryptPEMUpdateFinal ! 686: (&context, encryptedSignature, encryptedSignatureLen, signature, ! 687: signatureLen); ! 688: } while (0); ! 689: ! 690: /* Zeroize sensitive information. ! 691: */ ! 692: R_memset ((POINTER)&context, 0, sizeof (context)); ! 693: R_memset ((POINTER)signature, 0, sizeof (signature)); ! 694: ! 695: return (status); ! 696: } ! 697: ! 698: int R_OpenPEMBlock ! 699: (content, contentLen, encryptedContent, encryptedContentLen, encryptedKey, ! 700: encryptedKeyLen, encryptedSignature, encryptedSignatureLen, ! 701: iv, digestAlgorithm, privateKey, publicKey) ! 702: unsigned char *content; /* content */ ! 703: unsigned int *contentLen; /* length of content */ ! 704: unsigned char *encryptedContent; /* encoded, encrypted content */ ! 705: unsigned int encryptedContentLen; /* length */ ! 706: unsigned char *encryptedKey; /* encoded, encrypted key */ ! 707: unsigned int encryptedKeyLen; /* length */ ! 708: unsigned char *encryptedSignature; /* encoded, encrypted signature */ ! 709: unsigned int encryptedSignatureLen; /* length */ ! 710: unsigned char iv[8]; /* DES initialization vector */ ! 711: int digestAlgorithm; /* message-digest algorithms */ ! 712: R_RSA_PRIVATE_KEY *privateKey; /* recipient's RSA private key */ ! 713: R_RSA_PUBLIC_KEY *publicKey; /* signer's RSA public key */ ! 714: { ! 715: R_ENVELOPE_CTX context; ! 716: int status; ! 717: unsigned char encryptedKeyBlock[MAX_ENCRYPTED_KEY_LEN], ! 718: signature[MAX_SIGNATURE_LEN]; ! 719: unsigned int encryptedKeyBlockLen, signatureLen; ! 720: ! 721: if (encryptedKeyLen > MAX_PEM_ENCRYPTED_KEY_LEN) ! 722: return (RE_KEY_ENCODING); ! 723: ! 724: if (encryptedSignatureLen > MAX_PEM_ENCRYPTED_SIGNATURE_LEN) ! 725: return (RE_SIGNATURE_ENCODING); ! 726: ! 727: do { ! 728: if (R_DecodePEMBlock ! 729: (encryptedKeyBlock, &encryptedKeyBlockLen, encryptedKey, ! 730: encryptedKeyLen) != 0) { ! 731: status = RE_KEY_ENCODING; ! 732: break; ! 733: } ! 734: ! 735: if ((status = R_OpenInit ! 736: (&context, EA_DES_CBC, encryptedKeyBlock, encryptedKeyBlockLen, ! 737: iv, privateKey)) != 0) ! 738: break; ! 739: ! 740: if ((status = DecryptPEMUpdateFinal ! 741: (&context, content, contentLen, encryptedContent, ! 742: encryptedContentLen)) != 0) { ! 743: if ((status == RE_LEN || status == RE_ENCODING)) ! 744: status = RE_CONTENT_ENCODING; ! 745: else ! 746: status = RE_KEY; ! 747: break; ! 748: } ! 749: ! 750: if (status = DecryptPEMUpdateFinal ! 751: (&context, signature, &signatureLen, encryptedSignature, ! 752: encryptedSignatureLen)) { ! 753: if ((status == RE_LEN || status == RE_ENCODING)) ! 754: status = RE_SIGNATURE_ENCODING; ! 755: else ! 756: status = RE_KEY; ! 757: break; ! 758: } ! 759: ! 760: if ((status = R_VerifyBlockSignature ! 761: (content, *contentLen, signature, signatureLen, digestAlgorithm, ! 762: publicKey)) != 0) ! 763: break; ! 764: } while (0); ! 765: ! 766: /* Zeroize sensitive information. ! 767: */ ! 768: R_memset ((POINTER)&context, 0, sizeof (context)); ! 769: R_memset ((POINTER)signature, 0, sizeof (signature)); ! 770: ! 771: return (status); ! 772: } ! 773: ! 774: int R_DigestBlock (digest, digestLen, block, blockLen, digestAlgorithm) ! 775: unsigned char *digest; /* message digest */ ! 776: unsigned int *digestLen; /* length of message digest */ ! 777: unsigned char *block; /* block */ ! 778: unsigned int blockLen; /* length of block */ ! 779: int digestAlgorithm; /* message-digest algorithm */ ! 780: { ! 781: R_DIGEST_CTX context; ! 782: int status; ! 783: ! 784: do { ! 785: if ((status = R_DigestInit (&context, digestAlgorithm)) != 0) ! 786: break; ! 787: if ((status = R_DigestUpdate (&context, block, blockLen)) != 0) ! 788: break; ! 789: if ((status = R_DigestFinal (&context, digest, digestLen)) != 0) ! 790: break; ! 791: } while (0); ! 792: ! 793: /* Zeroize sensitive information. */ ! 794: R_memset ((POINTER)&context, 0, sizeof (context)); ! 795: ! 796: return (status); ! 797: } ! 798: ! 799: /* Assumes digestAlgorithm is DA_MD2 or DA_MD5 and digest length is 16. ! 800: */ ! 801: static void R_EncodeDigestInfo (digestInfo, digestAlgorithm, digest) ! 802: unsigned char *digestInfo; /* DigestInfo encoding */ ! 803: int digestAlgorithm; /* message-digest algorithm */ ! 804: unsigned char *digest; /* message digest */ ! 805: { ! 806: R_memcpy ! 807: ((POINTER)digestInfo, (POINTER)DIGEST_INFO_A, DIGEST_INFO_A_LEN); ! 808: ! 809: digestInfo[DIGEST_INFO_A_LEN] = ! 810: (digestAlgorithm == DA_MD2) ? (unsigned char)2 : (unsigned char)5; ! 811: ! 812: R_memcpy ! 813: ((POINTER)&digestInfo[DIGEST_INFO_A_LEN + 1], (POINTER)DIGEST_INFO_B, ! 814: DIGEST_INFO_B_LEN); ! 815: ! 816: R_memcpy ! 817: ((POINTER)&digestInfo[DIGEST_INFO_A_LEN + 1 + DIGEST_INFO_B_LEN], ! 818: (POINTER)digest, 16); ! 819: } ! 820: ! 821: /* Call SealUpdate and SealFinal on the input and ASCII recode. ! 822: */ ! 823: static void EncryptPEMUpdateFinal ! 824: (context, output, outputLen, input, inputLen) ! 825: R_ENVELOPE_CTX *context; ! 826: unsigned char *output; /* encrypted, encoded block */ ! 827: unsigned int *outputLen; /* length of output */ ! 828: unsigned char *input; /* block to encrypt */ ! 829: unsigned int inputLen; /* length */ ! 830: { ! 831: unsigned char encryptedPart[24]; ! 832: unsigned int i, lastPartLen, tempLen, len; ! 833: ! 834: /* Choose a buffer size of 24 bytes to hold the temporary encrypted output ! 835: which will be encoded. ! 836: Encrypt and encode as many 24-byte blocks as possible. ! 837: */ ! 838: for (i = 0; i < inputLen / 24; ++i) { ! 839: /* Assume part out length will equal part in length since it is ! 840: a multiple of 8. Also assume no error output. */ ! 841: R_SealUpdate (context, encryptedPart, &tempLen, &input[24*i], 24); ! 842: ! 843: /* len is always 32 */ ! 844: R_EncodePEMBlock (&output[32*i], &tempLen, encryptedPart, 24); ! 845: } ! 846: ! 847: /* Encrypt the last part into encryptedPart. ! 848: */ ! 849: R_SealUpdate ! 850: (context, encryptedPart, &lastPartLen, &input[24*i], inputLen - 24*i); ! 851: R_SealFinal (context, encryptedPart + lastPartLen, &len); ! 852: lastPartLen += len; ! 853: ! 854: R_EncodePEMBlock (&output[32*i], &len, encryptedPart, lastPartLen); ! 855: *outputLen = 32*i + len; ! 856: ! 857: /* Zeroize sensitive information. ! 858: */ ! 859: R_memset ((POINTER)encryptedPart, 0, sizeof (encryptedPart)); ! 860: } ! 861: ! 862: static int DecryptPEMUpdateFinal (context, output, outputLen, input, inputLen) ! 863: R_ENVELOPE_CTX *context; ! 864: unsigned char *output; /* decoded, decrypted block */ ! 865: unsigned int *outputLen; /* length of output */ ! 866: unsigned char *input; /* encrypted, encoded block */ ! 867: unsigned int inputLen; /* length */ ! 868: { ! 869: int status; ! 870: unsigned char encryptedPart[24]; ! 871: unsigned int i, len; ! 872: ! 873: do { ! 874: /* Choose a buffer size of 24 bytes to hold the temporary decoded output ! 875: which will be decrypted. ! 876: Decode and decrypt as many 32-byte input blocks as possible. ! 877: */ ! 878: *outputLen = 0; ! 879: for (i = 0; i < inputLen/32; i++) { ! 880: /* len is always 24 */ ! 881: if ((status = R_DecodePEMBlock ! 882: (encryptedPart, &len, &input[32*i], 32)) != 0) ! 883: break; ! 884: ! 885: /* Excpect no error return */ ! 886: R_OpenUpdate (context, output, &len, encryptedPart, 24); ! 887: output += len; ! 888: *outputLen += len; ! 889: } ! 890: if (status) ! 891: break; ! 892: ! 893: /* Decode the last part */ ! 894: if ((status = R_DecodePEMBlock ! 895: (encryptedPart, &len, &input[32*i], inputLen - 32*i)) != 0) ! 896: break; ! 897: ! 898: /* Decrypt the last part. ! 899: */ ! 900: R_OpenUpdate (context, output, &len, encryptedPart, len); ! 901: output += len; ! 902: *outputLen += len; ! 903: if ((status = R_OpenFinal (context, output, &len)) != 0) ! 904: break; ! 905: *outputLen += len; ! 906: } while (0); ! 907: ! 908: /* Zeroize sensitive information. ! 909: */ ! 910: R_memset ((POINTER)&context, 0, sizeof (context)); ! 911: R_memset ((POINTER)encryptedPart, 0, sizeof (encryptedPart)); ! 912: ! 913: return (status); ! 914: } ! 915: ! 916: static int CipherInit (context, encryptionAlgorithm, key, iv, encrypt) ! 917: R_ENVELOPE_CTX *context; ! 918: int encryptionAlgorithm; ! 919: unsigned char *key; /* DES key */ ! 920: unsigned char *iv; /* DES initialization vector */ ! 921: int encrypt; /* encrypt flag (1 = encrypt, 0 = decrypt) */ ! 922: { ! 923: switch (encryptionAlgorithm) { ! 924: case EA_DES_CBC: ! 925: DES_CBCInit (&context->cipherContext.des, key, iv, encrypt); ! 926: return (0); ! 927: case EA_DESX_CBC: ! 928: DESX_CBCInit (&context->cipherContext.desx, key, iv, encrypt); ! 929: return (0); ! 930: case EA_DES_EDE2_CBC: ! 931: case EA_DES_EDE3_CBC: ! 932: DES3_CBCInit (&context->cipherContext.des3, key, iv, encrypt); ! 933: return (0); ! 934: ! 935: default: ! 936: return (RE_ENCRYPTION_ALGORITHM); ! 937: } ! 938: } ! 939: ! 940: /* Assume len is a multiple of 8. ! 941: */ ! 942: static void CipherUpdate (context, output, input, len) ! 943: R_ENVELOPE_CTX *context; ! 944: unsigned char *output; /* output block */ ! 945: unsigned char *input; /* input block */ ! 946: unsigned int len; /* length of input and output blocks */ ! 947: { ! 948: if (context->encryptionAlgorithm == EA_DES_CBC) ! 949: DES_CBCUpdate (&context->cipherContext.des, output, input, len); ! 950: else if (context->encryptionAlgorithm == EA_DESX_CBC) ! 951: DESX_CBCUpdate (&context->cipherContext.desx, output, input, len); ! 952: else ! 953: DES3_CBCUpdate (&context->cipherContext.des3, output, input, len); ! 954: } ! 955: ! 956: static void CipherRestart (context) ! 957: R_ENVELOPE_CTX *context; ! 958: { ! 959: if (context->encryptionAlgorithm == EA_DES_CBC) ! 960: DES_CBCRestart (&context->cipherContext.des); ! 961: else if (context->encryptionAlgorithm == EA_DESX_CBC) ! 962: DESX_CBCRestart (&context->cipherContext.desx); ! 963: else ! 964: DES3_CBCRestart (&context->cipherContext.des3); ! 965: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.