X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Frsa.c;h=b0b7bf50cde27c2fe68c108360dfa511df3e0503;hb=a818c5b5411bbc4436d1c5f011236985c96bb787;hp=ec85853a2f3dc9d90d310bb141d27272013a240c;hpb=ba5e36dbc0321270f06c4aad79e296e4cce1212b;p=silc.git diff --git a/lib/silccrypt/rsa.c b/lib/silccrypt/rsa.c index ec85853a..b0b7bf50 100644 --- a/lib/silccrypt/rsa.c +++ b/lib/silccrypt/rsa.c @@ -4,7 +4,7 @@ * * Author: Pekka Riikonen * - * Copyright (C) 1997 - 2000 Pekka Riikonen + * Copyright (C) 1997 - 2001 Pekka Riikonen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,15 +28,16 @@ * Public key exponent: * e relatively prime to (p-1) * (q-1) * Private key exponent: - * d = e ^ -1 mod ((p-1) * (q-1)) + * d = e ^ -1 mod lcm(((p-1) * (q-1))) * * Encryption: * c = m ^ e mod n * Decryption: * m = c ^ d mod n * - * This code is based on SSH's (Secure Shell), PGP's (Pretty Good Privacy) - * and RSAREF Toolkit's RSA source codes. They all were a big help for me. + * The SSH's (Secure Shell), PGP's (Pretty Good Privacy) and RSAREF + * Toolkit were used as reference when coding this implementation. They + * all were a big help for me. * * I also suggest reading Bruce Schneier's; Applied Cryptography, Second * Edition, John Wiley & Sons, Inc. 1996. This book deals about RSA and @@ -45,7 +46,25 @@ */ /* $Id$ */ +/* + ChangeLog + + o Mon Feb 12 11:20:32 EET 2001 Pekka + + Changed RSA private exponent generation to what PKCS #1 suggests. We + try to find the smallest possible d by doing modinv(e, lcm(phi)) instead + of modinv(e, phi). Note: this is not security fix but optimization. + + o Tue Feb 20 13:58:58 EET 2001 Pekka + + Set key->bits in rsa_generate_key. It is the modulus length in bits. + The `tmplen' in encrypt, decrypt, sign and verify PKCS API functions + is now calculated by (key->bits + 7) / 8. It is the length of one block. + +*/ + #include "silcincludes.h" +#include "rsa_internal.h" #include "rsa.h" /* @@ -56,8 +75,9 @@ SILC_PKCS_API_INIT(rsa) { - unsigned int prime_bits = keylen / 2; - SilcInt p, q; + SilcUInt32 prime_bits = keylen / 2; + SilcMPInt p, q; + bool found = FALSE; printf("Generating RSA Public and Private keys, might take a while...\n"); @@ -65,35 +85,36 @@ SILC_PKCS_API_INIT(rsa) silc_mp_init(&q); /* Find p and q */ - retry_primes: - printf("Finding p: "); - silc_math_gen_prime(&p, prime_bits, TRUE); - - printf("\nFinding q: "); - silc_math_gen_prime(&q, prime_bits, TRUE); - - if ((silc_mp_cmp(&p, &q)) == 0) { - printf("\nFound equal primes, not good, retrying...\n"); - goto retry_primes; + while (!found) { + printf("Finding p: "); + silc_math_gen_prime(&p, prime_bits, TRUE); + + printf("\nFinding q: "); + silc_math_gen_prime(&q, prime_bits, TRUE); + + if ((silc_mp_cmp(&p, &q)) == 0) + printf("\nFound equal primes, not good, retrying...\n"); + else + found = TRUE; } /* If p is smaller than q, switch them */ if ((silc_mp_cmp(&p, &q)) > 0) { - SilcInt hlp; + SilcMPInt hlp; silc_mp_init(&hlp); silc_mp_set(&hlp, &p); silc_mp_set(&p, &q); silc_mp_set(&q, &hlp); - silc_mp_clear(&hlp); + silc_mp_uninit(&hlp); } /* Generate the actual keys */ rsa_generate_keys((RsaKey *)context, keylen, &p, &q); - silc_mp_clear(&p); - silc_mp_clear(&q); + silc_mp_uninit(&p); + silc_mp_uninit(&q); printf("\nKeys generated succesfully.\n"); @@ -111,11 +132,11 @@ SILC_PKCS_API_GET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *ret; - unsigned int e_len, n_len; + SilcUInt32 e_len, n_len; unsigned char tmp[4]; - e = silc_mp_mp2bin(&key->e, &e_len); - n = silc_mp_mp2bin(&key->n, &n_len); + e = silc_mp_mp2bin(&key->e, 0, &e_len); + n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); *ret_len = e_len + 4 + n_len + 4; ret = silc_calloc(*ret_len, sizeof(unsigned char)); @@ -150,12 +171,12 @@ SILC_PKCS_API_GET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *d, *ret; - unsigned int e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; unsigned char tmp[4]; - e = silc_mp_mp2bin(&key->e, &e_len); - n = silc_mp_mp2bin(&key->n, &n_len); - d = silc_mp_mp2bin(&key->d, &d_len); + e = silc_mp_mp2bin(&key->e, 0, &e_len); + n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + d = silc_mp_mp2bin(&key->d, 0, &d_len); *ret_len = e_len + 4 + n_len + 4 + d_len + 4; ret = silc_calloc(*ret_len, sizeof(unsigned char)); @@ -197,7 +218,13 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - unsigned int e_len, n_len; + SilcUInt32 e_len, n_len; + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->e); + key->pub_set = FALSE; + } silc_mp_init(&key->e); silc_mp_init(&key->n); @@ -205,9 +232,9 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); if (e_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); - return FALSE; + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); @@ -215,14 +242,17 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); if (e_len + n_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); - return FALSE; + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; } silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); - return TRUE; + key->bits = n_len * 8; + key->pub_set = TRUE; + + return key->bits; } /* Set private key. This derives the public key from the private @@ -233,7 +263,18 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - unsigned int e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; + + if (key->prv_set) { + silc_mp_uninit(&key->d); + key->prv_set = FALSE; + } + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + key->pub_set = FALSE; + } silc_mp_init(&key->e); silc_mp_init(&key->n); @@ -242,8 +283,9 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); if (e_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } @@ -252,8 +294,9 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); if (e_len + n_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } @@ -262,13 +305,18 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) memcpy(tmp, key_data + 4 + e_len + 4 + n_len, 4); SILC_GET32_MSB(d_len, tmp); if (e_len + n_len + d_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4 + e_len + 4 + n_len + 4, d_len, &key->d); + key->bits = n_len * 8; + key->prv_set = TRUE; + key->pub_set = TRUE; + return TRUE; } @@ -277,49 +325,17 @@ SILC_PKCS_API_CONTEXT_LEN(rsa) return sizeof(RsaKey); } -SILC_PKCS_API_DATA_CONTEXT_LEN(rsa) -{ - return sizeof(RsaDataContext); -} - -SILC_PKCS_API_SET_ARG(rsa) -{ - RsaDataContext *data_ctx = (RsaDataContext *)data_context; - - switch(argnum) { - case 1: - data_ctx->src = val; - return TRUE; - break; - case 2: - data_ctx->dst = val; - return TRUE; - break; - case 3: - data_ctx->exp = val; - return TRUE; - break; - case 4: - data_ctx->mod = val; - return TRUE; - break; - default: - return FALSE; - break; - } - - return FALSE; -} - SILC_PKCS_API_ENCRYPT(rsa) { RsaKey *key = (RsaKey *)context; int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); + silc_mp_set_ui(&mp_tmp, 0); + silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ for (i = 0; i < src_len; i++) { @@ -327,25 +343,20 @@ SILC_PKCS_API_ENCRYPT(rsa) silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); } - silc_mp_out_str(stderr, 16, &mp_tmp); - /* Encrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n); - fprintf(stderr, "\n"); - silc_mp_out_str(stderr, 16, &mp_dst); - - tmplen = (1024 + 7) / 8; + tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ for (i = tmplen; i > 0; i--) { dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); + silc_mp_div_2exp(&mp_dst, &mp_dst, 8); } *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -354,11 +365,13 @@ SILC_PKCS_API_DECRYPT(rsa) { RsaKey *key = (RsaKey *)context; int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); + silc_mp_set_ui(&mp_tmp, 0); + silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ for (i = 0; i < src_len; i++) { @@ -366,25 +379,20 @@ SILC_PKCS_API_DECRYPT(rsa) silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); } - silc_mp_out_str(stderr, 16, &mp_tmp); - /* Decrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); - fprintf(stderr, "\n"); - silc_mp_out_str(stderr, 16, &mp_dst); - - tmplen = (1024 + 7) / 8; + tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ for (i = tmplen; i > 0; i--) { dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); + silc_mp_div_2exp(&mp_dst, &mp_dst, 8); } *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -393,11 +401,13 @@ SILC_PKCS_API_SIGN(rsa) { RsaKey *key = (RsaKey *)context; int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); + silc_mp_set_ui(&mp_tmp, 0); + silc_mp_set_ui(&mp_dst, 0); /* Format the data into MP int */ for (i = 0; i < src_len; i++) { @@ -408,17 +418,17 @@ SILC_PKCS_API_SIGN(rsa) /* Sign */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); - tmplen = (1024 + 7) / 8; + tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ for (i = tmplen; i > 0; i--) { dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); + silc_mp_div_2exp(&mp_dst, &mp_dst, 8); } *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -427,12 +437,15 @@ SILC_PKCS_API_VERIFY(rsa) { RsaKey *key = (RsaKey *)context; int i, ret; - SilcInt mp_tmp, mp_tmp2; - SilcInt mp_dst; + SilcMPInt mp_tmp, mp_tmp2; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_tmp2, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_tmp2); + silc_mp_init(&mp_dst); + silc_mp_set_ui(&mp_tmp, 0); + silc_mp_set_ui(&mp_tmp2, 0); + silc_mp_set_ui(&mp_dst, 0); /* Format the signature into MP int */ for (i = 0; i < signature_len; i++) { @@ -455,9 +468,9 @@ SILC_PKCS_API_VERIFY(rsa) if ((silc_mp_cmp(&mp_tmp, &mp_dst)) != 0) ret = FALSE; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_tmp2); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_tmp2); + silc_mp_uninit(&mp_dst); return ret; } @@ -466,35 +479,33 @@ SILC_PKCS_API_VERIFY(rsa) to compute the modulus n has to be generated before calling this. They are then sent as argument for the function. */ -void rsa_generate_keys(RsaKey *key, unsigned int bits, - SilcInt *p, SilcInt *q) +void rsa_generate_keys(RsaKey *key, SilcUInt32 bits, + SilcMPInt *p, SilcMPInt *q) { - SilcInt phi, hlp; - SilcInt dq; - SilcInt pm1, qm1; + SilcMPInt phi, hlp; + SilcMPInt div, lcm; + SilcMPInt pm1, qm1; /* Initialize variables */ - silc_mp_init(&key->p); - silc_mp_init(&key->q); silc_mp_init(&key->n); silc_mp_init(&key->e); silc_mp_init(&key->d); silc_mp_init(&phi); silc_mp_init(&hlp); - silc_mp_init(&dq); + silc_mp_init(&div); + silc_mp_init(&lcm); silc_mp_init(&pm1); silc_mp_init(&qm1); - /* Set the primes */ - silc_mp_set(&key->p, p); - silc_mp_set(&key->q, q); - + /* Set modulus length */ + key->bits = bits; + /* Compute modulus, n = p * q */ - silc_mp_mul(&key->n, &key->p, &key->q); + silc_mp_mul(&key->n, p, q); /* phi = (p - 1) * (q - 1) */ - silc_mp_sub_ui(&pm1, &key->p, 1); - silc_mp_sub_ui(&qm1, &key->q, 1); + silc_mp_sub_ui(&pm1, p, 1); + silc_mp_sub_ui(&qm1, q, 1); silc_mp_mul(&phi, &pm1, &qm1); /* Set e, the public exponent. We try to use same public exponent @@ -510,16 +521,17 @@ void rsa_generate_keys(RsaKey *key, unsigned int bits, goto retry_e; } - /* Find d, the private exponent. First we do phi / 2, to get it a - bit smaller */ - silc_mp_div_ui(&dq, &phi, 2); - silc_mp_modinv(&key->d, &key->e, &dq); + /* Find d, the private exponent. */ + silc_mp_gcd(&div, &pm1, &qm1); + silc_mp_div(&lcm, &phi, &div); + silc_mp_modinv(&key->d, &key->e, &lcm); - silc_mp_clear(&phi); - silc_mp_clear(&hlp); - silc_mp_clear(&dq); - silc_mp_clear(&pm1); - silc_mp_clear(&qm1); + silc_mp_uninit(&phi); + silc_mp_uninit(&hlp); + silc_mp_uninit(&div); + silc_mp_uninit(&lcm); + silc_mp_uninit(&pm1); + silc_mp_uninit(&qm1); } /* Clears whole key structure. */ @@ -527,11 +539,12 @@ void rsa_generate_keys(RsaKey *key, unsigned int bits, void rsa_clear_keys(RsaKey *key) { key->bits = 0; - silc_mp_clear(&key->p); - silc_mp_clear(&key->q); - silc_mp_clear(&key->n); - silc_mp_clear(&key->e); - silc_mp_clear(&key->d); + if (key->pub_set) { + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->e); + } + if (key->prv_set) + silc_mp_uninit(&key->d); } /* RSA encrypt/decrypt function. cm = ciphertext or plaintext, @@ -542,8 +555,8 @@ void rsa_clear_keys(RsaKey *key) Decrypt: m = c ^ d mod n */ -void rsa_en_de_crypt(SilcInt *cm, SilcInt *mc, - SilcInt *expo, SilcInt *modu) +void rsa_en_de_crypt(SilcMPInt *cm, SilcMPInt *mc, + SilcMPInt *expo, SilcMPInt *modu) { - silc_mp_powm(cm, mc, expo, modu); + silc_mp_pow_mod(cm, mc, expo, modu); }