![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rsa.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto / axtls|
Return to rsa.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto / axtls |
1.1 ! root 1: /* ! 2: * Copyright(C) 2006 Cameron Rich ! 3: * ! 4: * This library is free software; you can redistribute it and/or modify ! 5: * it under the terms of the GNU Lesser General Public License as published by ! 6: * the Free Software Foundation; either version 2.1 of the License, or ! 7: * (at your option) any later version. ! 8: * ! 9: * This library is distributed in the hope that it will be useful, ! 10: * but WITHOUT ANY WARRANTY; without even the implied warranty of ! 11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! 12: * GNU Lesser General Public License for more details. ! 13: * ! 14: * You should have received a copy of the GNU Lesser General Public License ! 15: * along with this library; if not, write to the Free Software ! 16: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ! 17: */ ! 18: ! 19: /** ! 20: * Implements the RSA public encryption algorithm. Uses the bigint library to ! 21: * perform its calculations. ! 22: */ ! 23: ! 24: #include <stdio.h> ! 25: #include <string.h> ! 26: #include <time.h> ! 27: #include <stdlib.h> ! 28: #include "crypto.h" ! 29: ! 30: #ifdef CONFIG_BIGINT_CRT ! 31: static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi); ! 32: #endif ! 33: ! 34: void RSA_priv_key_new(RSA_CTX **ctx, ! 35: const uint8_t *modulus, int mod_len, ! 36: const uint8_t *pub_exp, int pub_len, ! 37: const uint8_t *priv_exp, int priv_len ! 38: #if CONFIG_BIGINT_CRT ! 39: , const uint8_t *p, int p_len, ! 40: const uint8_t *q, int q_len, ! 41: const uint8_t *dP, int dP_len, ! 42: const uint8_t *dQ, int dQ_len, ! 43: const uint8_t *qInv, int qInv_len ! 44: #endif ! 45: ) ! 46: { ! 47: RSA_CTX *rsa_ctx; ! 48: BI_CTX *bi_ctx; ! 49: RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len); ! 50: rsa_ctx = *ctx; ! 51: bi_ctx = rsa_ctx->bi_ctx; ! 52: rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len); ! 53: bi_permanent(rsa_ctx->d); ! 54: ! 55: #ifdef CONFIG_BIGINT_CRT ! 56: rsa_ctx->p = bi_import(bi_ctx, p, p_len); ! 57: rsa_ctx->q = bi_import(bi_ctx, q, q_len); ! 58: rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len); ! 59: rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len); ! 60: rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len); ! 61: bi_permanent(rsa_ctx->dP); ! 62: bi_permanent(rsa_ctx->dQ); ! 63: bi_permanent(rsa_ctx->qInv); ! 64: bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET); ! 65: bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET); ! 66: #endif ! 67: } ! 68: ! 69: void RSA_pub_key_new(RSA_CTX **ctx, ! 70: const uint8_t *modulus, int mod_len, ! 71: const uint8_t *pub_exp, int pub_len) ! 72: { ! 73: RSA_CTX *rsa_ctx; ! 74: BI_CTX *bi_ctx = bi_initialize(); ! 75: *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX)); ! 76: rsa_ctx = *ctx; ! 77: rsa_ctx->bi_ctx = bi_ctx; ! 78: rsa_ctx->num_octets = (mod_len & 0xFFF0); ! 79: rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len); ! 80: bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET); ! 81: rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len); ! 82: bi_permanent(rsa_ctx->e); ! 83: } ! 84: ! 85: /** ! 86: * Free up any RSA context resources. ! 87: */ ! 88: void RSA_free(RSA_CTX *rsa_ctx) ! 89: { ! 90: BI_CTX *bi_ctx; ! 91: if (rsa_ctx == NULL) /* deal with ptrs that are null */ ! 92: return; ! 93: ! 94: bi_ctx = rsa_ctx->bi_ctx; ! 95: ! 96: bi_depermanent(rsa_ctx->e); ! 97: bi_free(bi_ctx, rsa_ctx->e); ! 98: bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET); ! 99: ! 100: if (rsa_ctx->d) ! 101: { ! 102: bi_depermanent(rsa_ctx->d); ! 103: bi_free(bi_ctx, rsa_ctx->d); ! 104: #ifdef CONFIG_BIGINT_CRT ! 105: bi_depermanent(rsa_ctx->dP); ! 106: bi_depermanent(rsa_ctx->dQ); ! 107: bi_depermanent(rsa_ctx->qInv); ! 108: bi_free(bi_ctx, rsa_ctx->dP); ! 109: bi_free(bi_ctx, rsa_ctx->dQ); ! 110: bi_free(bi_ctx, rsa_ctx->qInv); ! 111: bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET); ! 112: bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET); ! 113: #endif ! 114: } ! 115: ! 116: bi_terminate(bi_ctx); ! 117: free(rsa_ctx); ! 118: } ! 119: ! 120: /** ! 121: * @brief Use PKCS1.5 for decryption/verification. ! 122: * @param ctx [in] The context ! 123: * @param in_data [in] The data to encrypt (must be < modulus size-11) ! 124: * @param out_data [out] The encrypted data. ! 125: * @param is_decryption [in] Decryption or verify operation. ! 126: * @return The number of bytes that were originally encrypted. -1 on error. ! 127: * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 ! 128: */ ! 129: int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, ! 130: uint8_t *out_data, int is_decryption) ! 131: { ! 132: int byte_size = ctx->num_octets; ! 133: uint8_t *block; ! 134: int i, size; ! 135: bigint *decrypted_bi, *dat_bi; ! 136: ! 137: memset(out_data, 0, byte_size); /* initialise */ ! 138: ! 139: /* decrypt */ ! 140: dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size); ! 141: #ifdef CONFIG_SSL_CERT_VERIFICATION ! 142: decrypted_bi = is_decryption ? /* decrypt or verify? */ ! 143: RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); ! 144: #else /* always a decryption */ ! 145: decrypted_bi = RSA_private(ctx, dat_bi); ! 146: #endif ! 147: ! 148: /* convert to a normal block */ ! 149: block = (uint8_t *)malloc(byte_size); ! 150: bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size); ! 151: ! 152: i = 10; /* start at the first possible non-padded byte */ ! 153: ! 154: #ifdef CONFIG_SSL_CERT_VERIFICATION ! 155: if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */ ! 156: { ! 157: while (block[i++] == 0xff && i < byte_size); ! 158: ! 159: if (block[i-2] != 0xff) ! 160: i = byte_size; /*ensure size is 0 */ ! 161: } ! 162: else /* PKCS1.5 encryption padding is random */ ! 163: #endif ! 164: { ! 165: while (block[i++] && i < byte_size); ! 166: } ! 167: size = byte_size - i; ! 168: ! 169: /* get only the bit we want */ ! 170: if (size > 0) ! 171: memcpy(out_data, &block[i], size); ! 172: ! 173: free(block); ! 174: return size ? size : -1; ! 175: } ! 176: ! 177: /** ! 178: * Performs m = c^d mod n ! 179: */ ! 180: bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg) ! 181: { ! 182: #ifdef CONFIG_BIGINT_CRT ! 183: return bi_crt(c, bi_msg); ! 184: #else ! 185: BI_CTX *ctx = c->bi_ctx; ! 186: ctx->mod_offset = BIGINT_M_OFFSET; ! 187: return bi_mod_power(ctx, bi_msg, c->d); ! 188: #endif ! 189: } ! 190: ! 191: #ifdef CONFIG_BIGINT_CRT ! 192: /** ! 193: * Use the Chinese Remainder Theorem to quickly perform RSA decrypts. ! 194: * This should really be in bigint.c (and was at one stage), but needs ! 195: * access to the RSA_CTX context... ! 196: */ ! 197: static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi) ! 198: { ! 199: BI_CTX *ctx = rsa->bi_ctx; ! 200: bigint *m1, *m2, *h; ! 201: ! 202: /* Montgomery has a condition the 0 < x, y < m and these products violate ! 203: * that condition. So disable Montgomery when using CRT */ ! 204: #if defined(CONFIG_BIGINT_MONTGOMERY) ! 205: ctx->use_classical = 1; ! 206: #endif ! 207: ctx->mod_offset = BIGINT_P_OFFSET; ! 208: m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP); ! 209: ! 210: ctx->mod_offset = BIGINT_Q_OFFSET; ! 211: m2 = bi_mod_power(ctx, bi, rsa->dQ); ! 212: ! 213: h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL); ! 214: h = bi_multiply(ctx, h, rsa->qInv); ! 215: ctx->mod_offset = BIGINT_P_OFFSET; ! 216: h = bi_residue(ctx, h); ! 217: #if defined(CONFIG_BIGINT_MONTGOMERY) ! 218: ctx->use_classical = 0; /* reset for any further operation */ ! 219: #endif ! 220: return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h)); ! 221: } ! 222: #endif ! 223: ! 224: #ifdef CONFIG_SSL_FULL_MODE ! 225: /** ! 226: * Used for diagnostics. ! 227: */ ! 228: void RSA_print(const RSA_CTX *rsa_ctx) ! 229: { ! 230: if (rsa_ctx == NULL) ! 231: return; ! 232: ! 233: printf("----------------- RSA DEBUG ----------------\n"); ! 234: printf("Size:\t%d\n", rsa_ctx->num_octets); ! 235: bi_print("Modulus", rsa_ctx->m); ! 236: bi_print("Public Key", rsa_ctx->e); ! 237: bi_print("Private Key", rsa_ctx->d); ! 238: } ! 239: #endif ! 240: ! 241: #ifdef CONFIG_SSL_CERT_VERIFICATION ! 242: /** ! 243: * Performs c = m^e mod n ! 244: */ ! 245: bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg) ! 246: { ! 247: c->bi_ctx->mod_offset = BIGINT_M_OFFSET; ! 248: return bi_mod_power(c->bi_ctx, bi_msg, c->e); ! 249: } ! 250: ! 251: /** ! 252: * Use PKCS1.5 for encryption/signing. ! 253: * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 ! 254: */ ! 255: int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, ! 256: uint8_t *out_data, int is_signing) ! 257: { ! 258: int byte_size = ctx->num_octets; ! 259: int num_pads_needed = byte_size-in_len-3; ! 260: bigint *dat_bi, *encrypt_bi; ! 261: ! 262: /* note: in_len+11 must be > byte_size */ ! 263: out_data[0] = 0; /* ensure encryption block is < modulus */ ! 264: ! 265: if (is_signing) ! 266: { ! 267: out_data[1] = 1; /* PKCS1.5 signing pads with "0xff"'s */ ! 268: memset(&out_data[2], 0xff, num_pads_needed); ! 269: } ! 270: else /* randomize the encryption padding with non-zero bytes */ ! 271: { ! 272: out_data[1] = 2; ! 273: get_random_NZ(num_pads_needed, &out_data[2]); ! 274: } ! 275: ! 276: out_data[2+num_pads_needed] = 0; ! 277: memcpy(&out_data[3+num_pads_needed], in_data, in_len); ! 278: ! 279: /* now encrypt it */ ! 280: dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size); ! 281: encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : ! 282: RSA_public(ctx, dat_bi); ! 283: bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size); ! 284: return byte_size; ! 285: } ! 286: ! 287: #if 0 ! 288: /** ! 289: * Take a signature and decrypt it. ! 290: */ ! 291: bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, ! 292: bigint *modulus, bigint *pub_exp) ! 293: { ! 294: uint8_t *block; ! 295: int i, size; ! 296: bigint *decrypted_bi, *dat_bi; ! 297: bigint *bir = NULL; ! 298: ! 299: block = (uint8_t *)malloc(sig_len); ! 300: ! 301: /* decrypt */ ! 302: dat_bi = bi_import(ctx, sig, sig_len); ! 303: ctx->mod_offset = BIGINT_M_OFFSET; ! 304: ! 305: /* convert to a normal block */ ! 306: decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp); ! 307: ! 308: bi_export(ctx, decrypted_bi, block, sig_len); ! 309: ctx->mod_offset = BIGINT_M_OFFSET; ! 310: ! 311: i = 10; /* start at the first possible non-padded byte */ ! 312: while (block[i++] && i < sig_len); ! 313: size = sig_len - i; ! 314: ! 315: /* get only the bit we want */ ! 316: if (size > 0) ! 317: { ! 318: int len; ! 319: const uint8_t *sig_ptr = x509_get_signature(&block[i], &len); ! 320: ! 321: if (sig_ptr) ! 322: { ! 323: bir = bi_import(ctx, sig_ptr, len); ! 324: } ! 325: } ! 326: ! 327: free(block); ! 328: return bir; ! 329: } ! 330: #endif ! 331: ! 332: #endif /* CONFIG_SSL_CERT_VERIFICATION */
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.