X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Frsa.c;h=7bacd1e098af114fd4663eb4c6b5f9c1720bb3fc;hb=413da0f8686910f5e627393157566ae729ca99c4;hp=66aea06a875c825b232e6f1af6c0bec6f99af2ba;hpb=2dc218143c7859f7529396dc121ae08e2fd78da0;p=silc.git diff --git a/lib/silccrypt/rsa.c b/lib/silccrypt/rsa.c index 66aea06a..7bacd1e0 100644 --- a/lib/silccrypt/rsa.c +++ b/lib/silccrypt/rsa.c @@ -61,6 +61,16 @@ The `tmplen' in encrypt, decrypt, sign and verify PKCS API functions is now calculated by (key->bits + 7) / 8. It is the length of one block. + o Sat Mar 16 18:27:19 EET 2002 Pekka + + Use the SilcRng sent as argument to SILC_PKCS_API_INIT in prime + generation. + + o Sat Sep 26 19:59:48 EEST 2002 Pekka + + Fixed double free in public key setting. Use a bit larger e as + starting point in key generation. + */ #include "silcincludes.h" @@ -75,7 +85,7 @@ SILC_PKCS_API_INIT(rsa) { - uint32 prime_bits = keylen / 2; + SilcUInt32 prime_bits = keylen / 2; SilcMPInt p, q; bool found = FALSE; @@ -87,10 +97,10 @@ SILC_PKCS_API_INIT(rsa) /* Find p and q */ while (!found) { printf("Finding p: "); - silc_math_gen_prime(&p, prime_bits, TRUE); + silc_math_gen_prime(&p, prime_bits, TRUE, rng); printf("\nFinding q: "); - silc_math_gen_prime(&q, prime_bits, TRUE); + silc_math_gen_prime(&q, prime_bits, TRUE, rng); if ((silc_mp_cmp(&p, &q)) == 0) printf("\nFound equal primes, not good, retrying...\n"); @@ -116,7 +126,7 @@ SILC_PKCS_API_INIT(rsa) silc_mp_uninit(&p); silc_mp_uninit(&q); - printf("\nKeys generated succesfully.\n"); + printf("\nKeys generated successfully.\n"); return TRUE; } @@ -132,11 +142,11 @@ SILC_PKCS_API_GET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *ret; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); *ret_len = e_len + 4 + n_len + 4; ret = silc_calloc(*ret_len, sizeof(unsigned char)); @@ -171,11 +181,11 @@ SILC_PKCS_API_GET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *d, *ret; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); d = silc_mp_mp2bin(&key->d, 0, &d_len); *ret_len = e_len + 4 + n_len + 4 + d_len + 4; @@ -218,24 +228,39 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + key->pub_set = FALSE; + } + + if (key_len < 4) + return 0; silc_mp_init(&key->e); silc_mp_init(&key->n); memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { + if (!e_len || e_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); return 0; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); - + + if (key_len < 4 + e_len + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { + if (!n_len || e_len + 4 + n_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); return 0; @@ -243,7 +268,8 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); + key->pub_set = TRUE; return key->bits; } @@ -256,7 +282,21 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; + + if (key->prv_set) { + silc_mp_uninit(&key->d); + key->prv_set = FALSE; + } + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + key->pub_set = FALSE; + } + + if (key_len < 4) + return FALSE; silc_mp_init(&key->e); silc_mp_init(&key->n); @@ -264,37 +304,56 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { + if (e_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); + if (key_len < e_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { + if (e_len + 4 + n_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); + if (key_len < e_len + 4 + n_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len + 4 + n_len, 4); SILC_GET32_MSB(d_len, tmp); - if (e_len + n_len + d_len > key_len) { + if (e_len + 4 + n_len + 4 + d_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4 + e_len + 4 + n_len + 4, d_len, &key->d); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); + key->prv_set = TRUE; + key->pub_set = TRUE; - return TRUE; + return key->bits; } SILC_PKCS_API_CONTEXT_LEN(rsa) @@ -305,20 +364,15 @@ SILC_PKCS_API_CONTEXT_LEN(rsa) SILC_PKCS_API_ENCRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Encrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n); @@ -326,10 +380,7 @@ SILC_PKCS_API_ENCRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -341,20 +392,15 @@ SILC_PKCS_API_ENCRYPT(rsa) SILC_PKCS_API_DECRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Decrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -362,10 +408,7 @@ SILC_PKCS_API_DECRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -377,20 +420,15 @@ SILC_PKCS_API_DECRYPT(rsa) SILC_PKCS_API_SIGN(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Sign */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -398,10 +436,7 @@ SILC_PKCS_API_SIGN(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -413,31 +448,22 @@ SILC_PKCS_API_SIGN(rsa) SILC_PKCS_API_VERIFY(rsa) { RsaKey *key = (RsaKey *)context; - int i, ret; + int ret; SilcMPInt mp_tmp, mp_tmp2; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_tmp2); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_tmp2, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the signature into MP int */ - for (i = 0; i < signature_len; i++) { - silc_mp_mul_2exp(&mp_tmp2, &mp_tmp2, 8); - silc_mp_add_ui(&mp_tmp2, &mp_tmp2, signature[i]); - } + silc_mp_bin2mp(signature, signature_len, &mp_tmp2); /* Verify */ rsa_en_de_crypt(&mp_dst, &mp_tmp2, &key->e, &key->n); /* Format the data into MP int */ - for (i = 0; i < data_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, data[i]); - } + silc_mp_bin2mp(data, data_len, &mp_tmp); ret = TRUE; @@ -456,7 +482,7 @@ SILC_PKCS_API_VERIFY(rsa) to compute the modulus n has to be generated before calling this. They are then sent as argument for the function. */ -void rsa_generate_keys(RsaKey *key, uint32 bits, +void rsa_generate_keys(RsaKey *key, SilcUInt32 bits, SilcMPInt *p, SilcMPInt *q) { SilcMPInt phi, hlp; @@ -464,8 +490,6 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, SilcMPInt pm1, qm1; /* Initialize variables */ - silc_mp_init(&key->p); - silc_mp_init(&key->q); silc_mp_init(&key->n); silc_mp_init(&key->e); silc_mp_init(&key->d); @@ -479,22 +503,18 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, /* Set modulus length */ key->bits = bits; - /* Set the primes */ - silc_mp_set(&key->p, p); - silc_mp_set(&key->q, q); - /* Compute modulus, n = p * q */ - silc_mp_mul(&key->n, &key->p, &key->q); + silc_mp_mul(&key->n, p, q); /* phi = (p - 1) * (q - 1) */ - silc_mp_sub_ui(&pm1, &key->p, 1); - silc_mp_sub_ui(&qm1, &key->q, 1); + silc_mp_sub_ui(&pm1, p, 1); + silc_mp_sub_ui(&qm1, q, 1); silc_mp_mul(&phi, &pm1, &qm1); /* Set e, the public exponent. We try to use same public exponent for all keys. Also, to make encryption faster we use small number. */ - silc_mp_set_ui(&key->e, 127); + silc_mp_set_ui(&key->e, 65533); retry_e: /* See if e is relatively prime to phi. gcd == greates common divisor, if gcd equals 1 they are relatively prime. */ @@ -504,7 +524,7 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, goto retry_e; } - /* Find d, the private exponent. */ + /* Find d, the private exponent, e ^ -1 mod lcm(phi). */ silc_mp_gcd(&div, &pm1, &qm1); silc_mp_div(&lcm, &phi, &div); silc_mp_modinv(&key->d, &key->e, &lcm); @@ -522,11 +542,12 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, void rsa_clear_keys(RsaKey *key) { key->bits = 0; - silc_mp_uninit(&key->p); - silc_mp_uninit(&key->q); - silc_mp_uninit(&key->n); - silc_mp_uninit(&key->e); - silc_mp_uninit(&key->d); + if (key->pub_set) { + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->e); + } + if (key->prv_set) + silc_mp_uninit(&key->d); } /* RSA encrypt/decrypt function. cm = ciphertext or plaintext,