Home | History | Annotate | Download | only in openssh 
      1 /* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
      2 /*
      3  * Author: Tatu Ylonen <ylo (at) cs.hut.fi>
      4  * Copyright (c) 1995 Tatu Ylonen <ylo (at) cs.hut.fi>, Espoo, Finland
      5  *                    All rights reserved
      6  *
      7  * As far as I am concerned, the code I have written for this software
      8  * can be used freely for any purpose.  Any derived versions of this
      9  * software must be clearly marked as such, and if the derived work is
     10  * incompatible with the protocol description in the RFC file, it must be
     11  * called by a name other than "ssh" or "Secure Shell".
     12  *
     13  *
     14  * Copyright (c) 1999 Niels Provos.  All rights reserved.
     15  *
     16  * Redistribution and use in source and binary forms, with or without
     17  * modification, are permitted provided that the following conditions
     18  * are met:
     19  * 1. Redistributions of source code must retain the above copyright
     20  *    notice, this list of conditions and the following disclaimer.
     21  * 2. Redistributions in binary form must reproduce the above copyright
     22  *    notice, this list of conditions and the following disclaimer in the
     23  *    documentation and/or other materials provided with the distribution.
     24  *
     25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     26  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     27  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     28  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     29  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     30  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     31  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     32  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     33  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     34  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     35  *
     36  *
     37  * Description of the RSA algorithm can be found e.g. from the following
     38  * sources:
     39  *
     40  *   Bruce Schneier: Applied Cryptography.  John Wiley & Sons, 1994.
     41  *
     42  *   Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
     43  *   Computer Security.  Prentice-Hall, 1989.
     44  *
     45  *   Man Young Rhee: Cryptography and Secure Data Communications.  McGraw-Hill,
     46  *   1994.
     47  *
     48  *   R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
     49  *   System and Method.  US Patent 4,405,829, 1983.
     50  *
     51  *   Hans Riesel: Prime Numbers and Computer Methods for Factorization.
     52  *   Birkhauser, 1994.
     53  *
     54  *   The RSA Frequently Asked Questions document by RSA Data Security,
     55  *   Inc., 1995.
     56  *
     57  *   RSA in 3 lines of perl by Adam Back <aba (at) atlax.ex.ac.uk>, 1995, as
     58  * included below:
     59  *
     60  *     [gone - had to be deleted - what a pity]
     61  */
     62 
     63 #include "includes.h"
     64 
     65 #include <sys/types.h>
     66 
     67 #include <stdarg.h>
     68 #include <string.h>
     69 
     70 #include "xmalloc.h"
     71 #include "rsa.h"
     72 #include "log.h"
     73 
     74 void
     75 rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
     76 {
     77 	u_char *inbuf, *outbuf;
     78 	int len, ilen, olen;
     79 
     80 	if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
     81 		fatal("rsa_public_encrypt() exponent too small or not odd");
     82 
     83 	olen = BN_num_bytes(key->n);
     84 	outbuf = xmalloc(olen);
     85 
     86 	ilen = BN_num_bytes(in);
     87 	inbuf = xmalloc(ilen);
     88 	BN_bn2bin(in, inbuf);
     89 
     90 	if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
     91 	    RSA_PKCS1_PADDING)) <= 0)
     92 		fatal("rsa_public_encrypt() failed");
     93 
     94 	if (BN_bin2bn(outbuf, len, out) == NULL)
     95 		fatal("rsa_public_encrypt: BN_bin2bn failed");
     96 
     97 	memset(outbuf, 0, olen);
     98 	memset(inbuf, 0, ilen);
     99 	xfree(outbuf);
    100 	xfree(inbuf);
    101 }
    102 
    103 int
    104 rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
    105 {
    106 	u_char *inbuf, *outbuf;
    107 	int len, ilen, olen;
    108 
    109 	olen = BN_num_bytes(key->n);
    110 	outbuf = xmalloc(olen);
    111 
    112 	ilen = BN_num_bytes(in);
    113 	inbuf = xmalloc(ilen);
    114 	BN_bn2bin(in, inbuf);
    115 
    116 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
    117 	    RSA_PKCS1_PADDING)) <= 0) {
    118 		error("rsa_private_decrypt() failed");
    119 	} else {
    120 		if (BN_bin2bn(outbuf, len, out) == NULL)
    121 			fatal("rsa_private_decrypt: BN_bin2bn failed");
    122 	}
    123 	memset(outbuf, 0, olen);
    124 	memset(inbuf, 0, ilen);
    125 	xfree(outbuf);
    126 	xfree(inbuf);
    127 	return len;
    128 }
    129 
    130 /* calculate p-1 and q-1 */
    131 void
    132 rsa_generate_additional_parameters(RSA *rsa)
    133 {
    134 	BIGNUM *aux;
    135 	BN_CTX *ctx;
    136 
    137 	if ((aux = BN_new()) == NULL)
    138 		fatal("rsa_generate_additional_parameters: BN_new failed");
    139 	if ((ctx = BN_CTX_new()) == NULL)
    140 		fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
    141 
    142 	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
    143 	    (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
    144 	    (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
    145 	    (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
    146 		fatal("rsa_generate_additional_parameters: BN_sub/mod failed");
    147 
    148 	BN_clear_free(aux);
    149 	BN_CTX_free(ctx);
    150 }
    151 
    152