X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Frsa.c;h=7bacd1e098af114fd4663eb4c6b5f9c1720bb3fc;hb=413da0f8686910f5e627393157566ae729ca99c4;hp=ec47e6ddd3e0fdbe7295410fa20ed94d056f40eb;hpb=d47a87b03b846e2333ef57b2c0d81f1644992964;p=silc.git diff --git a/lib/silccrypt/rsa.c b/lib/silccrypt/rsa.c index ec47e6dd..7bacd1e0 100644 --- a/lib/silccrypt/rsa.c +++ b/lib/silccrypt/rsa.c @@ -61,6 +61,16 @@ The `tmplen' in encrypt, decrypt, sign and verify PKCS API functions is now calculated by (key->bits + 7) / 8. It is the length of one block. + o Sat Mar 16 18:27:19 EET 2002 Pekka + + Use the SilcRng sent as argument to SILC_PKCS_API_INIT in prime + generation. + + o Sat Sep 26 19:59:48 EEST 2002 Pekka + + Fixed double free in public key setting. Use a bit larger e as + starting point in key generation. + */ #include "silcincludes.h" @@ -75,7 +85,7 @@ SILC_PKCS_API_INIT(rsa) { - uint32 prime_bits = keylen / 2; + SilcUInt32 prime_bits = keylen / 2; SilcMPInt p, q; bool found = FALSE; @@ -87,10 +97,10 @@ SILC_PKCS_API_INIT(rsa) /* Find p and q */ while (!found) { printf("Finding p: "); - silc_math_gen_prime(&p, prime_bits, TRUE); + silc_math_gen_prime(&p, prime_bits, TRUE, rng); printf("\nFinding q: "); - silc_math_gen_prime(&q, prime_bits, TRUE); + silc_math_gen_prime(&q, prime_bits, TRUE, rng); if ((silc_mp_cmp(&p, &q)) == 0) printf("\nFound equal primes, not good, retrying...\n"); @@ -116,7 +126,7 @@ SILC_PKCS_API_INIT(rsa) silc_mp_uninit(&p); silc_mp_uninit(&q); - printf("\nKeys generated succesfully.\n"); + printf("\nKeys generated successfully.\n"); return TRUE; } @@ -132,11 +142,11 @@ SILC_PKCS_API_GET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *ret; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); *ret_len = e_len + 4 + n_len + 4; ret = silc_calloc(*ret_len, sizeof(unsigned char)); @@ -171,11 +181,11 @@ SILC_PKCS_API_GET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *d, *ret; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); d = silc_mp_mp2bin(&key->d, 0, &d_len); *ret_len = e_len + 4 + n_len + 4 + d_len + 4; @@ -218,30 +228,39 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; if (key->pub_set) { silc_mp_uninit(&key->e); - silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); key->pub_set = FALSE; } + if (key_len < 4) + return 0; + silc_mp_init(&key->e); silc_mp_init(&key->n); memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { + if (!e_len || e_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); return 0; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); - + + if (key_len < 4 + e_len + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { + if (!n_len || e_len + 4 + n_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); return 0; @@ -249,7 +268,7 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); key->pub_set = TRUE; return key->bits; @@ -263,7 +282,7 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; if (key->prv_set) { silc_mp_uninit(&key->d); @@ -276,13 +295,16 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) key->pub_set = FALSE; } + if (key_len < 4) + return FALSE; + silc_mp_init(&key->e); silc_mp_init(&key->n); silc_mp_init(&key->d); memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { + if (e_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); silc_mp_uninit(&key->d); @@ -291,9 +313,16 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) silc_mp_bin2mp(key_data + 4, e_len, &key->e); + if (key_len < e_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { + if (e_len + 4 + n_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); silc_mp_uninit(&key->d); @@ -302,9 +331,16 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); + if (key_len < e_len + 4 + n_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len + 4 + n_len, 4); SILC_GET32_MSB(d_len, tmp); - if (e_len + n_len + d_len > key_len) { + if (e_len + 4 + n_len + 4 + d_len + 4 > key_len) { silc_mp_uninit(&key->e); silc_mp_uninit(&key->n); silc_mp_uninit(&key->d); @@ -313,11 +349,11 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) silc_mp_bin2mp(key_data + 4 + e_len + 4 + n_len + 4, d_len, &key->d); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); key->prv_set = TRUE; key->pub_set = TRUE; - return TRUE; + return key->bits; } SILC_PKCS_API_CONTEXT_LEN(rsa) @@ -328,20 +364,15 @@ SILC_PKCS_API_CONTEXT_LEN(rsa) SILC_PKCS_API_ENCRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Encrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n); @@ -349,10 +380,7 @@ SILC_PKCS_API_ENCRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -364,20 +392,15 @@ SILC_PKCS_API_ENCRYPT(rsa) SILC_PKCS_API_DECRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Decrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -385,10 +408,7 @@ SILC_PKCS_API_DECRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -400,20 +420,15 @@ SILC_PKCS_API_DECRYPT(rsa) SILC_PKCS_API_SIGN(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; + int tmplen; SilcMPInt mp_tmp; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Sign */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -421,10 +436,7 @@ SILC_PKCS_API_SIGN(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_div_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; silc_mp_uninit(&mp_tmp); @@ -436,31 +448,22 @@ SILC_PKCS_API_SIGN(rsa) SILC_PKCS_API_VERIFY(rsa) { RsaKey *key = (RsaKey *)context; - int i, ret; + int ret; SilcMPInt mp_tmp, mp_tmp2; SilcMPInt mp_dst; silc_mp_init(&mp_tmp); silc_mp_init(&mp_tmp2); silc_mp_init(&mp_dst); - silc_mp_set_ui(&mp_tmp, 0); - silc_mp_set_ui(&mp_tmp2, 0); - silc_mp_set_ui(&mp_dst, 0); /* Format the signature into MP int */ - for (i = 0; i < signature_len; i++) { - silc_mp_mul_2exp(&mp_tmp2, &mp_tmp2, 8); - silc_mp_add_ui(&mp_tmp2, &mp_tmp2, signature[i]); - } + silc_mp_bin2mp(signature, signature_len, &mp_tmp2); /* Verify */ rsa_en_de_crypt(&mp_dst, &mp_tmp2, &key->e, &key->n); /* Format the data into MP int */ - for (i = 0; i < data_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, data[i]); - } + silc_mp_bin2mp(data, data_len, &mp_tmp); ret = TRUE; @@ -479,7 +482,7 @@ SILC_PKCS_API_VERIFY(rsa) to compute the modulus n has to be generated before calling this. They are then sent as argument for the function. */ -void rsa_generate_keys(RsaKey *key, uint32 bits, +void rsa_generate_keys(RsaKey *key, SilcUInt32 bits, SilcMPInt *p, SilcMPInt *q) { SilcMPInt phi, hlp; @@ -511,7 +514,7 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, /* Set e, the public exponent. We try to use same public exponent for all keys. Also, to make encryption faster we use small number. */ - silc_mp_set_ui(&key->e, 127); + silc_mp_set_ui(&key->e, 65533); retry_e: /* See if e is relatively prime to phi. gcd == greates common divisor, if gcd equals 1 they are relatively prime. */ @@ -521,7 +524,7 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, goto retry_e; } - /* Find d, the private exponent. */ + /* Find d, the private exponent, e ^ -1 mod lcm(phi). */ silc_mp_gcd(&div, &pm1, &qm1); silc_mp_div(&lcm, &phi, &div); silc_mp_modinv(&key->d, &key->e, &lcm);