![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rsa.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [rsaref] / rsaref / source|
Return to rsa.c CVS log | Up to [rsaref] / rsaref / source |
1.1 root 1: /* RSA.C - RSA routines for RSAREF
2: */
3:
4: /* Copyright (C) 1991-2 RSA Laboratories, a division of RSA Data
5: Security, Inc. All rights reserved.
6: */
7:
8: #include "global.h"
9: #include "rsaref.h"
10: #include "r_random.h"
11: #include "rsa.h"
12: #include "nn.h"
13:
14: static int RSAPublicBlock PROTO_LIST
15: ((unsigned char *, unsigned int *, unsigned char *, unsigned int,
16: R_RSA_PUBLIC_KEY *));
17: static int RSAPrivateBlock PROTO_LIST
18: ((unsigned char *, unsigned int *, unsigned char *, unsigned int,
19: R_RSA_PRIVATE_KEY *));
20:
21: /* RSA public-key encryption, according to PKCS #1.
22: */
23: int RSAPublicEncrypt
24: (output, outputLen, input, inputLen, publicKey, randomStruct)
25: unsigned char *output; /* output block */
26: unsigned int *outputLen; /* length of output block */
27: unsigned char *input; /* input block */
28: unsigned int inputLen; /* length of input block */
29: R_RSA_PUBLIC_KEY *publicKey; /* RSA public key */
30: R_RANDOM_STRUCT *randomStruct; /* random structure */
31: {
32: int status;
33: unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
34: unsigned int i, modulusLen;
35:
36: modulusLen = (publicKey->bits + 7) / 8;
37: if (inputLen + 11 > modulusLen)
38: return (RE_LEN);
39:
40: pkcsBlock[0] = 0;
41: /* block type 2 */
42: pkcsBlock[1] = 2;
43:
44: for (i = 2; i < modulusLen - inputLen - 1; i++) {
45: /* Find nonzero random byte.
46: */
47: do {
48: R_GenerateBytes (&byte, 1, randomStruct);
49: } while (byte == 0);
50: pkcsBlock[i] = byte;
51: }
52: /* separator */
53: pkcsBlock[i++] = 0;
54:
55: R_memcpy ((POINTER)&pkcsBlock[i], (POINTER)input, inputLen);
56:
57: status = RSAPublicBlock
58: (output, outputLen, pkcsBlock, modulusLen, publicKey);
59:
60: /* Zeroize sensitive information.
61: */
62: byte = 0;
63: R_memset ((POINTER)pkcsBlock, 0, sizeof (pkcsBlock));
64:
65: return (status);
66: }
67:
68: /* RSA public-key decryption, according to PKCS #1.
69: */
70: int RSAPublicDecrypt (output, outputLen, input, inputLen, publicKey)
71: unsigned char *output; /* output block */
72: unsigned int *outputLen; /* length of output block */
73: unsigned char *input; /* input block */
74: unsigned int inputLen; /* length of input block */
75: R_RSA_PUBLIC_KEY *publicKey; /* RSA public key */
76: {
77: int status;
78: unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
79: unsigned int i, modulusLen, pkcsBlockLen;
80:
81: modulusLen = (publicKey->bits + 7) / 8;
82: if (inputLen > modulusLen)
83: return (RE_LEN);
84:
85: if (status = RSAPublicBlock
86: (pkcsBlock, &pkcsBlockLen, input, inputLen, publicKey))
87: return (status);
88:
89: if (pkcsBlockLen != modulusLen)
90: return (RE_LEN);
91:
92: /* Require block type 1.
93: */
94: if ((pkcsBlock[0] != 0) || (pkcsBlock[1] != 1))
95: return (RE_DATA);
96:
97: for (i = 2; i < modulusLen-1; i++)
98: if (pkcsBlock[i] != 0xff)
99: break;
100:
101: /* separator */
102: if (pkcsBlock[i++] != 0)
103: return (RE_DATA);
104:
105: *outputLen = modulusLen - i;
106:
107: if (*outputLen + 11 > modulusLen)
108: return (RE_DATA);
109:
110: R_memcpy ((POINTER)output, (POINTER)&pkcsBlock[i], *outputLen);
111:
112: /* Zeroize potentially sensitive information.
113: */
114: R_memset ((POINTER)pkcsBlock, 0, sizeof (pkcsBlock));
115:
116: return (0);
117: }
118:
119: /* RSA private-key encryption, according to PKCS #1.
120: */
121: int RSAPrivateEncrypt (output, outputLen, input, inputLen, privateKey)
122: unsigned char *output; /* output block */
123: unsigned int *outputLen; /* length of output block */
124: unsigned char *input; /* input block */
125: unsigned int inputLen; /* length of input block */
126: R_RSA_PRIVATE_KEY *privateKey; /* RSA private key */
127: {
128: int status;
129: unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
130: unsigned int i, modulusLen;
131:
132: modulusLen = (privateKey->bits + 7) / 8;
133: if (inputLen + 11 > modulusLen)
134: return (RE_LEN);
135:
136: pkcsBlock[0] = 0;
137: /* block type 1 */
138: pkcsBlock[1] = 1;
139:
140: for (i = 2; i < modulusLen - inputLen - 1; i++)
141: pkcsBlock[i] = 0xff;
142:
143: /* separator */
144: pkcsBlock[i++] = 0;
145:
146: R_memcpy ((POINTER)&pkcsBlock[i], (POINTER)input, inputLen);
147:
148: status = RSAPrivateBlock
149: (output, outputLen, pkcsBlock, modulusLen, privateKey);
150:
151: /* Zeroize potentially sensitive information.
152: */
153: R_memset ((POINTER)pkcsBlock, 0, sizeof (pkcsBlock));
154:
155: return (status);
156: }
157:
158: /* RSA private-key decryption, according to PKCS #1.
159: */
160: int RSAPrivateDecrypt (output, outputLen, input, inputLen, privateKey)
161: unsigned char *output; /* output block */
162: unsigned int *outputLen; /* length of output block */
163: unsigned char *input; /* input block */
164: unsigned int inputLen; /* length of input block */
165: R_RSA_PRIVATE_KEY *privateKey; /* RSA private key */
166: {
167: int status;
168: unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
169: unsigned int i, modulusLen, pkcsBlockLen;
170:
171: modulusLen = (privateKey->bits + 7) / 8;
172: if (inputLen > modulusLen)
173: return (RE_LEN);
174:
175: if (status = RSAPrivateBlock
176: (pkcsBlock, &pkcsBlockLen, input, inputLen, privateKey))
177: return (status);
178:
179: if (pkcsBlockLen != modulusLen)
180: return (RE_LEN);
181:
182: /* Require block type 2.
183: */
184: if ((pkcsBlock[0] != 0) || (pkcsBlock[1] != 2))
185: return (RE_DATA);
186:
187: for (i = 2; i < modulusLen-1; i++)
188: /* separator */
189: if (pkcsBlock[i] == 0)
190: break;
191:
192: i++;
193: if (i >= modulusLen)
194: return (RE_DATA);
195:
196: *outputLen = modulusLen - i;
197:
198: if (*outputLen + 11 > modulusLen)
199: return (RE_DATA);
200:
201: R_memcpy ((POINTER)output, (POINTER)&pkcsBlock[i], *outputLen);
202:
203: /* Zeroize sensitive information.
204: */
205: R_memset ((POINTER)pkcsBlock, 0, sizeof (pkcsBlock));
206:
207: return (0);
208: }
209:
210: /* Raw RSA public-key operation. Output has same length as modulus.
211:
212: Assumes inputLen < length of modulus.
213: Requires input < modulus.
214: */
215: static int RSAPublicBlock (output, outputLen, input, inputLen, publicKey)
216: unsigned char *output; /* output block */
217: unsigned int *outputLen; /* length of output block */
218: unsigned char *input; /* input block */
219: unsigned int inputLen; /* length of input block */
220: R_RSA_PUBLIC_KEY *publicKey; /* RSA public key */
221: {
222: NN_DIGIT c[MAX_NN_DIGITS], e[MAX_NN_DIGITS], m[MAX_NN_DIGITS],
223: n[MAX_NN_DIGITS];
224: unsigned int eDigits, nDigits;
225:
226: NN_Decode (m, MAX_NN_DIGITS, input, inputLen);
227: NN_Decode (n, MAX_NN_DIGITS, publicKey->modulus, MAX_RSA_MODULUS_LEN);
228: NN_Decode (e, MAX_NN_DIGITS, publicKey->exponent, MAX_RSA_MODULUS_LEN);
229: nDigits = NN_Digits (n, MAX_NN_DIGITS);
230: eDigits = NN_Digits (e, MAX_NN_DIGITS);
231:
232: if (NN_Cmp (m, n, nDigits) >= 0)
233: return (RE_DATA);
234:
235: /* Compute c = m^e mod n.
236: */
237: NN_ModExp (c, m, e, eDigits, n, nDigits);
238:
239: *outputLen = (publicKey->bits + 7) / 8;
240: NN_Encode (output, *outputLen, c, nDigits);
241:
242: /* Zeroize sensitive information.
243: */
244: R_memset ((POINTER)c, 0, sizeof (c));
245: R_memset ((POINTER)m, 0, sizeof (m));
246:
247: return (0);
248: }
249:
250: /* Raw RSA private-key operation. Output has same length as modulus.
251:
252: Assumes inputLen < length of modulus.
253: Requires input < modulus.
254: */
255: static int RSAPrivateBlock (output, outputLen, input, inputLen, privateKey)
256: unsigned char *output; /* output block */
257: unsigned int *outputLen; /* length of output block */
258: unsigned char *input; /* input block */
259: unsigned int inputLen; /* length of input block */
260: R_RSA_PRIVATE_KEY *privateKey; /* RSA private key */
261: {
262: NN_DIGIT c[MAX_NN_DIGITS], cP[MAX_NN_DIGITS], cQ[MAX_NN_DIGITS],
263: dP[MAX_NN_DIGITS], dQ[MAX_NN_DIGITS], mP[MAX_NN_DIGITS],
264: mQ[MAX_NN_DIGITS], n[MAX_NN_DIGITS], p[MAX_NN_DIGITS], q[MAX_NN_DIGITS],
265: qInv[MAX_NN_DIGITS], t[MAX_NN_DIGITS];
266: unsigned int cDigits, nDigits, pDigits;
267:
268: NN_Decode (c, MAX_NN_DIGITS, input, inputLen);
269: NN_Decode (n, MAX_NN_DIGITS, privateKey->modulus, MAX_RSA_MODULUS_LEN);
270: NN_Decode (p, MAX_NN_DIGITS, privateKey->prime[0], MAX_RSA_PRIME_LEN);
271: NN_Decode (q, MAX_NN_DIGITS, privateKey->prime[1], MAX_RSA_PRIME_LEN);
272: NN_Decode
273: (dP, MAX_NN_DIGITS, privateKey->primeExponent[0], MAX_RSA_PRIME_LEN);
274: NN_Decode
275: (dQ, MAX_NN_DIGITS, privateKey->primeExponent[1], MAX_RSA_PRIME_LEN);
276: NN_Decode (qInv, MAX_NN_DIGITS, privateKey->coefficient, MAX_RSA_PRIME_LEN);
277: cDigits = NN_Digits (c, MAX_NN_DIGITS);
278: nDigits = NN_Digits (n, MAX_NN_DIGITS);
279: pDigits = NN_Digits (p, MAX_NN_DIGITS);
280:
281: if (NN_Cmp (c, n, nDigits) >= 0)
282: return (RE_DATA);
283:
284: /* Compute mP = cP^dP mod p and mQ = cQ^dQ mod q. (Assumes q has
285: length at most pDigits, i.e., p > q.)
286: */
287: NN_Mod (cP, c, cDigits, p, pDigits);
288: NN_Mod (cQ, c, cDigits, q, pDigits);
289: NN_ModExp (mP, cP, dP, pDigits, p, pDigits);
290: NN_AssignZero (mQ, nDigits);
291: NN_ModExp (mQ, cQ, dQ, pDigits, q, pDigits);
292:
293: /* Chinese Remainder Theorem:
294: m = ((((mP - mQ) mod p) * qInv) mod p) * q + mQ.
295: */
296: if (NN_Cmp (mP, mQ, pDigits) >= 0)
297: NN_Sub (t, mP, mQ, pDigits);
298: else {
299: NN_Sub (t, mQ, mP, pDigits);
300: NN_Sub (t, p, t, pDigits);
301: }
302: NN_ModMult (t, t, qInv, p, pDigits);
303: NN_Mult (t, t, q, pDigits);
304: NN_Add (t, t, mQ, nDigits);
305:
306: *outputLen = (privateKey->bits + 7) / 8;
307: NN_Encode (output, *outputLen, t, nDigits);
308:
309: /* Zeroize sensitive information.
310: */
311: R_memset ((POINTER)c, 0, sizeof (c));
312: R_memset ((POINTER)cP, 0, sizeof (cP));
313: R_memset ((POINTER)cQ, 0, sizeof (cQ));
314: R_memset ((POINTER)dP, 0, sizeof (dP));
315: R_memset ((POINTER)dQ, 0, sizeof (dQ));
316: R_memset ((POINTER)mP, 0, sizeof (mP));
317: R_memset ((POINTER)mQ, 0, sizeof (mQ));
318: R_memset ((POINTER)p, 0, sizeof (p));
319: R_memset ((POINTER)q, 0, sizeof (q));
320: R_memset ((POINTER)qInv, 0, sizeof (qInv));
321: R_memset ((POINTER)t, 0, sizeof (t));
322:
323: return (0);
324: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.