5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2003 - 2006 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
24 /************************** PKCS #1 message format ***************************/
26 /* Minimum number of padding bytes in an encoded block.  The encoder in
   this file refuses to build a block with less padding than this, and the
   decoder compares its scan position against the same constant. */
27 #define SILC_PKCS1_MIN_PADDING 8
29 /* Encodes PKCS#1 data block from the `data' according to the block type
30 indicated by `bt'. When encoding signatures the `bt' must be
31 SILC_PKCS1_BT_PRV1 and when encoding encryption blocks the `bt' must
32 be SILC_PKCS1_BT_PUB. The encoded data is copied into the `dest_data'
33 buffer which is size of `dest_data_size'. If the `dest_data' is not
34 able to hold the encoded block this returns FALSE. The `rng' must be
35 set when `bt' is SILC_PKCS1_BT_PUB. This function returns TRUE on
   success. */
/* NOTE(review): this listing drops some original lines (see the gaps in
   the numbering), so the notes here describe only the statements that are
   visible.  Layout written by the visible code: dest_data[1] = bt, then
   `padlen' padding bytes starting at dest_data[2], a 0x00 separator at
   dest_data[padlen + 2], then `data_len' bytes of `data'.  The header
   comment says `rng' must be set for SILC_PKCS1_BT_PUB, but the code also
   has a branch that draws from the global RNG -- presumably taken when
   `rng' is NULL (confirm). */
38 SilcBool silc_pkcs1_encode(SilcPkcs1BlockType bt,
39 const unsigned char *data,
41 unsigned char *dest_data,
42 SilcUInt32 dest_data_size,
48 SILC_LOG_DEBUG(("PKCS#1 encoding, bt %d", bt));
/* Reject NULL buffers and destinations that cannot hold the data plus the
   three framing bytes and the minimum padding. */
50 if (!data || !dest_data ||
51 dest_data_size < SILC_PKCS1_MIN_PADDING + 3 ||
52 dest_data_size < data_len) {
53 SILC_LOG_DEBUG(("Data to be encoded is too long"));
59 dest_data[1] = (unsigned char)bt;
/* Padding takes whatever the destination has left after the data and the
   three framing bytes; the whole destination is therefore filled. */
61 padlen = (SilcInt32)dest_data_size - (SilcInt32)data_len - 3;
62 if (padlen < SILC_PKCS1_MIN_PADDING) {
63 SILC_LOG_DEBUG(("Data to be encoded is too long"));
67 /* Encode according to block type */
69 case SILC_PKCS1_BT_PRV0:
70 case SILC_PKCS1_BT_PRV1:
/* Fixed padding: 0xff for PRV1, 0x00 for PRV0, `padlen' bytes long. */
72 memset(dest_data + 2, bt == SILC_PKCS1_BT_PRV1 ? 0xff : 0x00, padlen);
75 case SILC_PKCS1_BT_PUB:
78 /* It is guaranteed this routine does not return zero byte. */
/* NOTE(review): both loops below stop at i < padlen, so they write
   dest_data[2] .. dest_data[padlen - 1].  The signature branch above fills
   `padlen' bytes and the separator is placed at dest_data[padlen + 2], so
   as visible here dest_data[padlen] and dest_data[padlen + 1] keep whatever
   the caller's buffer already held.  The bound looks like it should be
   i < padlen + 2 -- confirm against the full source.  A 0x00 left in
   either position would presumably be read by the decoder as the
   separator, and any other residue ends up inside the encrypted block. */
80 for (i = 2; i < padlen; i++)
81 dest_data[i] = silc_rng_get_byte_fast(rng);
83 for (i = 2; i < padlen; i++)
84 dest_data[i] = silc_rng_global_get_byte_fast();
/* Separator byte, then the payload. */
89 dest_data[padlen + 2] = 0x00;
90 memcpy(dest_data + padlen + 3, data, data_len);
95 /* Decodes the PKCS#1 encoded block according to the block type `bt'.
96 When verifying signatures the `bt' must be SILC_PKCS1_BT_PRV1 and
97 when decrypting it must be SILC_PKCS1_BT_PUB. This copies the
98 decoded data into `dest_data' which is size of `dest_data_size'. If
99 the decoded block does not fit to `dest_data' this returns FALSE.
100 Returns TRUE on success. */
/* NOTE(review): this listing drops some original lines (see the gaps in
   the numbering); the notes below are limited to what is visible and are
   hedged where a dropped line could change the picture. */
102 SilcBool silc_pkcs1_decode(SilcPkcs1BlockType bt,
103 const unsigned char *data,
105 unsigned char *dest_data,
106 SilcUInt32 dest_data_size,
107 SilcUInt32 *dest_len)
111 SILC_LOG_DEBUG(("PKCS#1 decoding, bt %d", bt));
/* The block must start with 0x00 followed by the expected block type.
   NOTE(review): data[0] and data[1] are read here, and no check that
   data_len is at least 2 is visible -- confirm the callers guarantee it. */
114 if (!data || !dest_data || dest_data_size < 3 ||
115 data[0] != 0x00 || data[1] != (unsigned char)bt) {
116 SILC_LOG_DEBUG(("Malformed block"));
120 /* Decode according to block type */
122 case SILC_PKCS1_BT_PRV0:
126 case SILC_PKCS1_BT_PRV1:
/* Scan over the padding starting at index 2 (loop body not shown here). */
128 for (i = 2; i < data_len; i++)
133 case SILC_PKCS1_BT_PUB:
135 for (i = 2; i < data_len; i++)
/* The byte at the scan position must be the 0x00 separator.
   NOTE(review): if a scan above runs to the end without stopping,
   i == data_len and this reads data[data_len], one byte past the input.
   No bound check between the loops and this read is visible; an explicit
   `i >= data_len' rejection before the read would close it. */
142 if (data[i++] != 0x00) {
143 SILC_LOG_DEBUG(("Malformed block"));
/* NOTE(review): assuming the scan left i on the separator, i is now
   3 + (number of padding bytes), so `i - 1 < SILC_PKCS1_MIN_PADDING'
   rejects fewer than 6 padding bytes, not fewer than 8.  The encoder in
   this file enforces 8; `i - 3' would make the decoder match. */
146 if (i - 1 < SILC_PKCS1_MIN_PADDING) {
147 SILC_LOG_DEBUG(("Malformed block"));
/* NOTE(review): data_len - i relies on i <= data_len; if data_len is
   unsigned and i has stepped past it, the subtraction wraps -- TODO
   confirm the types of i and data_len, which are not visible here. */
150 if (dest_data_size < data_len - i) {
151 SILC_LOG_DEBUG(("Destination buffer too small"));
/* Copy everything after the separator to the caller's buffer. */
156 memcpy(dest_data, data + i, data_len - i);
158 /* Return data length */
160 *dest_len = data_len - i;
166 /***************************** PKCS #1 PKCS API ******************************/
168 /* Generates RSA key pair. */
/* Generates two primes of keylen / 2 bits each and hands them to
   rsa_generate_keys(), which fills `ret_public_key' and `ret_private_key'.
   NOTE(review): several original lines are missing from this listing, so
   return statements and part of the cleanup are not visible. */
170 SilcBool silc_pkcs1_generate_key(SilcUInt32 keylen,
172 void **ret_public_key,
173 void **ret_private_key)
175 SilcUInt32 prime_bits = keylen / 2;
177 SilcBool found = FALSE;
/* NOTE(review): the accepted range starts at 768 bits, which is well below
   current guidance for RSA moduli (2048 bits or more); callers should
   enforce their own minimum rather than rely on this floor. */
179 if (keylen < 768 || keylen > 16384)
/* NOTE(review): the results of silc_math_gen_prime() are not used in the
   visible lines; if it reports failure through its return value, p or q
   could be used unset -- confirm.  The comparison below presumably ends a
   retry loop once p and q differ (the loop header is not shown). */
187 silc_math_gen_prime(&p, prime_bits, FALSE, rng);
188 silc_math_gen_prime(&q, prime_bits, FALSE, rng);
189 if ((silc_mp_cmp(&p, &q)) != 0)
/* NOTE(review): if silc_mp_cmp() follows the usual convention (> 0 when
   the first operand is larger), the test below swaps when p is LARGER than
   q, the opposite of what the comment says -- confirm which ordering
   rsa_generate_keys() expects. */
193 /* If p is smaller than q, switch them */
194 if ((silc_mp_cmp(&p, &q)) > 0) {
/* hlp temporarily holds a copy of the secret prime p. */
198 silc_mp_set(&hlp, &p);
200 silc_mp_set(&q, &hlp);
202 silc_mp_uninit(&hlp);
205 /* Generate the actual keys */
206 if (!rsa_generate_keys(keylen, &p, &q, ret_public_key, ret_private_key))
215 /* Import PKCS #1 compliant public key */
/* Decodes two ASN.1 integers from `key' (key_len bytes) into a freshly
   allocated RsaPublicKey as n and e, and sets `bits' to the size of n in
   base 2.  NOTE(review): some original lines are missing from this
   listing, including the return statements and most of the error path. */
217 SilcBool silc_pkcs1_import_public_key(unsigned char *key,
219 void **ret_public_key)
221 SilcAsn1 asn1 = NULL;
222 SilcBufferStruct alg_key;
223 RsaPublicKey *pubkey;
228 asn1 = silc_asn1_alloc();
232 /* Allocate RSA public key */
/* NOTE(review): the caller's pointer is set before parsing; confirm the
   failure path frees the key and does not leave *ret_public_key pointing
   at it. */
233 *ret_public_key = pubkey = silc_calloc(1, sizeof(*pubkey));
237 /* Parse the PKCS #1 public key */
238 silc_buffer_set(&alg_key, key, key_len);
239 if (!silc_asn1_decode(asn1, &alg_key,
240 SILC_ASN1_OPTS(SILC_ASN1_ALLOC),
242 SILC_ASN1_INT(&pubkey->n),
243 SILC_ASN1_INT(&pubkey->e),
244 SILC_ASN1_END, SILC_ASN1_END))
/* NOTE(review): `bits' comes straight from the parsed modulus; no range
   check on n or e is visible here.  The encrypt and sign routines in this
   file size fixed stack buffers against (bits + 7) / 8, so an imported key
   from an untrusted source should be bounded before use. */
248 pubkey->bits = silc_mp_sizeinbase(&pubkey->n, 2);
/* Success path release of the ASN.1 context. */
250 silc_asn1_free(asn1);
/* Release on what is presumably the error path (label not shown). */
255 silc_asn1_free(asn1);
259 /* Export PKCS #1 compliant public key */
/* ASN.1-encodes n and e of the RsaPublicKey behind `public_key' into a
   buffer allocated by the encoder, then takes the buffer's data with
   silc_buffer_steal(), which also reports the length through `ret_len'.
   Presumably the caller owns and frees the returned bytes (the return
   statement is not present in this listing). */
261 unsigned char *silc_pkcs1_export_public_key(void *public_key,
264 RsaPublicKey *key = public_key;
265 SilcAsn1 asn1 = NULL;
266 SilcBufferStruct alg_key;
269 asn1 = silc_asn1_alloc();
273 /* Encode to PKCS #1 public key */
/* Start from an empty buffer so the encoder allocates the output. */
274 memset(&alg_key, 0, sizeof(alg_key));
275 if (!silc_asn1_encode(asn1, &alg_key,
276 SILC_ASN1_OPTS(SILC_ASN1_ALLOC),
278 SILC_ASN1_INT(&key->n),
279 SILC_ASN1_INT(&key->e),
280 SILC_ASN1_END, SILC_ASN1_END))
283 ret = silc_buffer_steal(&alg_key, ret_len);
284 silc_asn1_free(asn1);
/* Release on what is presumably the error path (label not shown). */
290 silc_asn1_free(asn1);
294 /* Returns key length.  The return statement is not present in this
   listing; presumably it is the `bits' field that the import routine
   derives from the modulus (TODO confirm). */
296 SilcUInt32 silc_pkcs1_public_key_bitlen(void *public_key)
298 RsaPublicKey *key = public_key;
302 /* Copy public key.  Allocates a new RsaPublicKey and duplicates n, e and
   the bit length into it, so the copy does not share integers with the
   original.  The allocation check and the return statement are not present
   in this listing. */
304 void *silc_pkcs1_public_key_copy(void *public_key)
306 RsaPublicKey *key = public_key, *new_key;
308 new_key = silc_calloc(1, sizeof(*new_key));
/* Initialise the destination integers before assigning to them. */
312 silc_mp_init(&new_key->n);
313 silc_mp_init(&new_key->e);
314 silc_mp_set(&new_key->n, &key->n);
315 silc_mp_set(&new_key->e, &key->e);
316 new_key->bits = key->bits;
321 /* Compare public keys.  Checks the bit length first, then e, then n; the
   statements executed on a mismatch and the final return are not present
   in this listing (presumably FALSE on any difference, TRUE otherwise). */
323 SilcBool silc_pkcs1_public_key_compare(void *key1, void *key2)
325 RsaPublicKey *k1 = key1, *k2 = key2;
327 if (k1->bits != k2->bits)
329 if (silc_mp_cmp(&k1->e, &k2->e) != 0)
331 if (silc_mp_cmp(&k1->n, &k2->n) != 0)
337 /* Frees public key.  Releases the two integers n and e; whether the
   RsaPublicKey structure itself is freed is not visible in this listing. */
339 void silc_pkcs1_public_key_free(void *public_key)
341 RsaPublicKey *key = public_key;
343 silc_mp_uninit(&key->n);
344 silc_mp_uninit(&key->e);
348 /* Import PKCS #1 compliant private key */
/* Decodes a version number followed by n, e, d, p, q, dP, dQ and qP from
   `key' (key_len bytes) into a freshly allocated RsaPrivateKey and sets
   `bits' to the size of n in base 2.  NOTE(review): some original lines
   are missing from this listing, including the return statements and most
   of the error path. */
350 SilcBool silc_pkcs1_import_private_key(unsigned char *key,
352 void **ret_private_key)
355 SilcBufferStruct alg_key;
356 RsaPrivateKey *privkey;
359 if (!ret_private_key)
362 asn1 = silc_asn1_alloc();
366 /* Allocate RSA private key */
/* NOTE(review): the caller's pointer is set before parsing; confirm the
   failure path releases any integers already decoded and does not leave
   *ret_private_key pointing at a half-filled key. */
367 *ret_private_key = privkey = silc_calloc(1, sizeof(*privkey));
371 /* Parse the PKCS #1 private key */
372 silc_buffer_set(&alg_key, key, key_len);
373 if (!silc_asn1_decode(asn1, &alg_key,
374 SILC_ASN1_OPTS(SILC_ASN1_ALLOC),
/* NOTE(review): `ver' is decoded here, but no check of its value is
   visible in this listing; the export routine in this file writes 0. */
376 SILC_ASN1_SHORT_INT(&ver),
377 SILC_ASN1_INT(&privkey->n),
378 SILC_ASN1_INT(&privkey->e),
379 SILC_ASN1_INT(&privkey->d),
380 SILC_ASN1_INT(&privkey->p),
381 SILC_ASN1_INT(&privkey->q),
382 SILC_ASN1_INT(&privkey->dP),
383 SILC_ASN1_INT(&privkey->dQ),
384 SILC_ASN1_INT(&privkey->qP),
385 SILC_ASN1_END, SILC_ASN1_END))
392 privkey->bits = silc_mp_sizeinbase(&privkey->n, 2);
/* NOTE(review): the ASN.1 context was used with SILC_ASN1_ALLOC while
   parsing secret values; confirm silc_asn1_free() does not leave copies of
   them in released memory. */
394 silc_asn1_free(asn1);
/* Release on what is presumably the error path (label not shown). */
399 silc_asn1_free(asn1);
403 /* Export PKCS #1 compliant private key */
/* ASN.1-encodes version 0 followed by n, e, d, p, q, dP, dQ and qP into a
   buffer allocated by the encoder, then takes the buffer's data with
   silc_buffer_steal(), which also reports the length through `ret_len'.
   NOTE(review): the returned bytes are the complete private key in the
   clear; the caller should wipe them before freeing.  The return statement
   is not present in this listing. */
405 unsigned char *silc_pkcs1_export_private_key(void *private_key,
408 RsaPrivateKey *key = private_key;
410 SilcBufferStruct alg_key;
413 asn1 = silc_asn1_alloc();
417 /* Encode to PKCS #1 private key */
/* Start from an empty buffer so the encoder allocates the output. */
418 memset(&alg_key, 0, sizeof(alg_key));
419 if (!silc_asn1_encode(asn1, &alg_key,
420 SILC_ASN1_OPTS(SILC_ASN1_ALLOC),
422 SILC_ASN1_SHORT_INT(0),
423 SILC_ASN1_INT(&key->n),
424 SILC_ASN1_INT(&key->e),
425 SILC_ASN1_INT(&key->d),
426 SILC_ASN1_INT(&key->p),
427 SILC_ASN1_INT(&key->q),
428 SILC_ASN1_INT(&key->dP),
429 SILC_ASN1_INT(&key->dQ),
430 SILC_ASN1_INT(&key->qP),
431 SILC_ASN1_END, SILC_ASN1_END))
434 ret = silc_buffer_steal(&alg_key, ret_len);
435 silc_asn1_free(asn1);
/* Release on what is presumably the error path (label not shown). */
440 silc_asn1_free(asn1);
444 /* Returns key length.  The return statement is not present in this
   listing; presumably it is the `bits' field that the import routine
   derives from the modulus (TODO confirm). */
446 SilcUInt32 silc_pkcs1_private_key_bitlen(void *private_key)
448 RsaPrivateKey *key = private_key;
452 /* Frees private key.  Releases all eight integers of the RsaPrivateKey;
   whether the structure itself is freed is not visible in this listing.
   NOTE(review): d, p, q, dP, dQ and qP are secret.  Confirm that
   silc_mp_uninit() clears the integer's storage before releasing it;
   otherwise the key material stays in freed memory. */
454 void silc_pkcs1_private_key_free(void *private_key)
456 RsaPrivateKey *key = private_key;
458 silc_mp_uninit(&key->n);
459 silc_mp_uninit(&key->e);
460 silc_mp_uninit(&key->d);
461 silc_mp_uninit(&key->dP);
462 silc_mp_uninit(&key->dQ);
463 silc_mp_uninit(&key->qP);
464 silc_mp_uninit(&key->p);
465 silc_mp_uninit(&key->q);
469 /* PKCS #1 RSA routines */
/* Encrypts `src' with the public key: pads it into a modulus-sized block
   with silc_pkcs1_encode() (block type SILC_PKCS1_BT_PUB), converts the
   block to an MP integer, applies the RSA public operation and writes
   `len' bytes of result to `dst'.  NOTE(review): part of the parameter
   list and the return statements are missing from this listing. */
471 SilcBool silc_pkcs1_encrypt(void *public_key,
476 SilcUInt32 *ret_dst_len)
478 RsaPublicKey *key = public_key;
/* NOTE(review): `padded' has no initialiser.  The random-fill loops in
   silc_pkcs1_encode() earlier in this file stop at i < padlen, so any
   padding byte they leave unwritten is stack residue that goes into the
   RSA input. */
481 unsigned char padded[2048 + 1];
/* Modulus length in bytes, rounded up. */
482 SilcUInt32 len = (key->bits + 7) / 8;
/* The padded block lives on the stack, so the modulus must fit in it. */
484 if (sizeof(padded) < len)
490 if (!silc_pkcs1_encode(SILC_PKCS1_BT_PUB, src, src_len,
494 silc_mp_init(&mp_tmp);
495 silc_mp_init(&mp_dst);
498 silc_mp_bin2mp(padded, len, &mp_tmp);
501 rsa_public_operation(key, &mp_tmp, &mp_dst);
504 silc_mp_mp2bin_noalloc(&mp_dst, dst, len);
/* NOTE(review): `padded' holds the plaintext and is dead after this call,
   so a compiler may remove a plain memset(); a wipe that cannot be elided
   (explicit_bzero, memset_s or a project equivalent) is safer. */
507 memset(padded, 0, sizeof(padded));
508 silc_mp_uninit(&mp_tmp);
509 silc_mp_uninit(&mp_dst);
/* Decrypts `src' with the private key: converts it to an MP integer,
   applies the RSA private operation, serialises the result to a
   modulus-sized block, strips the padding with silc_pkcs1_decode() (block
   type SILC_PKCS1_BT_PUB) and copies the payload to `dst'.
   NOTE(review): this is PKCS #1 v1.5 encryption padding.  If a remote peer
   can submit ciphertexts and tell whether the padding check passed (return
   value, error text or timing), that difference is the oracle used by
   Bleichenbacher-style attacks.  Callers should make a padding failure
   indistinguishable from any other failure toward the peer.  Part of the
   parameter list and the return statements are missing from this
   listing. */
514 SilcBool silc_pkcs1_decrypt(void *private_key,
519 SilcUInt32 *ret_dst_len)
521 RsaPrivateKey *key = private_key;
524 unsigned char *padded, unpadded[2048 + 1];
525 SilcUInt32 padded_len;
/* The destination must be able to hold a full modulus-sized block. */
527 if (dst_size < (key->bits + 7) / 8)
530 silc_mp_init(&mp_tmp);
531 silc_mp_init(&mp_dst);
534 silc_mp_bin2mp(src, src_len, &mp_tmp);
537 rsa_private_operation(key, &mp_tmp, &mp_dst);
/* NOTE(review): no check of the returned pointer is visible before it is
   used below -- confirm allocation failure is handled. */
540 padded = silc_mp_mp2bin(&mp_dst, (key->bits + 7) / 8, &padded_len);
543 if (!silc_pkcs1_decode(SILC_PKCS1_BT_PUB, padded, padded_len,
544 unpadded, sizeof(unpadded), ret_dst_len)) {
/* Failure path: wipe the decrypted block before releasing state. */
545 memset(padded, 0, padded_len);
547 silc_mp_uninit(&mp_tmp);
548 silc_mp_uninit(&mp_dst);
552 /* Copy to destination */
553 memcpy(dst, unpadded, *ret_dst_len);
/* NOTE(review): `unpadded' is dead after this point, so a compiler may
   remove the plain memset(); prefer a wipe that cannot be elided.  Confirm
   too that the MP integers holding the plaintext are cleared by
   silc_mp_uninit(). */
555 memset(padded, 0, padded_len);
556 memset(unpadded, 0, sizeof(unpadded));
558 silc_mp_uninit(&mp_tmp);
559 silc_mp_uninit(&mp_dst);
/* NOTE(review): only part of this function's parameter list survives in
   this listing and its body is not visible, so nothing can be said here
   about what it does.  From the parameter names it presumably writes a
   signature of at most `signature_size' bytes to `signature' and reports
   the length through `ret_signature_len' (TODO confirm). */
564 SilcBool silc_pkcs1_sign(void *private_key,
567 unsigned char *signature,
568 SilcUInt32 signature_size,
569 SilcUInt32 *ret_signature_len,
/* NOTE(review): only part of this function's parameter list survives in
   this listing and its body is not visible, so nothing can be said here
   about what it checks.  Callers should confirm in the full source that it
   really verifies before relying on its result. */
575 SilcBool silc_pkcs1_verify(void *public_key,
576 unsigned char *signature,
577 SilcUInt32 signature_len,
585 /* PKCS #1 sign without hash oid */
/* Optionally hashes `src', pads the result into a modulus-sized block with
   silc_pkcs1_encode() (block type SILC_PKCS1_BT_PRV1), applies the RSA
   private operation and writes `len' bytes of signature.
   NOTE(review): as the name says, no hash identifier is placed in the
   signed block, so the signature does not say which hash produced the
   digest.  The verifier has to fix the hash algorithm by other means and
   must not let the signer choose it.  Part of the parameter list and the
   return statements are missing from this listing. */
587 SilcBool silc_pkcs1_sign_no_oid(void *private_key,
590 unsigned char *signature,
591 SilcUInt32 signature_size,
592 SilcUInt32 *ret_signature_len,
595 RsaPrivateKey *key = private_key;
598 unsigned char padded[2048 + 1], hashr[SILC_HASH_MAXLEN];
/* Modulus length in bytes, rounded up. */
599 SilcUInt32 len = (key->bits + 7) / 8;
/* Both the stack block and the caller's buffer must hold `len' bytes. */
601 if (sizeof(padded) < len)
603 if (signature_size < len)
606 /* Compute hash if requested */
/* The digest goes to `hashr' and src_len becomes the digest length;
   presumably `src' is redirected to `hashr' on a line not shown here. */
608 silc_hash_make(hash, src, src_len, hashr);
610 src_len = silc_hash_len(hash);
614 if (!silc_pkcs1_encode(SILC_PKCS1_BT_PRV1, src, src_len,
618 silc_mp_init(&mp_tmp);
619 silc_mp_init(&mp_dst);
622 silc_mp_bin2mp(padded, len, &mp_tmp);
625 rsa_private_operation(key, &mp_tmp, &mp_dst);
628 silc_mp_mp2bin_noalloc(&mp_dst, signature, len);
629 *ret_signature_len = len;
/* NOTE(review): `padded' and `hashr' are dead after these calls, so a
   compiler may remove the plain memset()s; prefer a wipe that cannot be
   elided. */
631 memset(padded, 0, sizeof(padded));
632 silc_mp_uninit(&mp_tmp);
633 silc_mp_uninit(&mp_dst);
635 memset(hashr, 0, sizeof(hashr));
640 /* PKCS #1 verify without hash oid */
/* Applies the RSA public operation to `signature', strips the padding with
   silc_pkcs1_decode() (block type SILC_PKCS1_BT_PRV1), optionally hashes
   `data', and compares the expected value with the recovered payload.
   NOTE(review): no hash identifier is checked, so the caller must fix the
   hash algorithm itself.  Part of the parameter list and the return
   statements are missing from this listing. */
642 SilcBool silc_pkcs1_verify_no_oid(void *public_key,
643 unsigned char *signature,
644 SilcUInt32 signature_len,
649 RsaPublicKey *key = public_key;
653 unsigned char *verify, unpadded[2048 + 1], hashr[SILC_HASH_MAXLEN];
/* `len' starts as the modulus length in bytes and is later overwritten by
   the decoder with the length of the recovered payload. */
654 SilcUInt32 verify_len, len = (key->bits + 7) / 8;
656 silc_mp_init(&mp_tmp2);
657 silc_mp_init(&mp_dst);
659 /* Format the signature into MP int */
/* NOTE(review): no check of signature_len against the modulus length is
   visible here -- confirm one exists or is unnecessary. */
660 silc_mp_bin2mp(signature, signature_len, &mp_tmp2);
663 rsa_public_operation(key, &mp_tmp2, &mp_dst);
666 verify = silc_mp_mp2bin(&mp_dst, len, &verify_len);
669 if (!silc_pkcs1_decode(SILC_PKCS1_BT_PRV1, verify, verify_len,
670 unpadded, sizeof(unpadded), &len)) {
/* Failure path: wipe the recovered block before releasing state. */
671 memset(verify, 0, verify_len);
673 silc_mp_uninit(&mp_tmp2);
674 silc_mp_uninit(&mp_dst);
678 /* Hash data if requested */
680 silc_hash_make(hash, data, data_len, hashr);
/* NOTE(review): the comparison below covers exactly `len' bytes, and `len'
   is the payload length taken from the signature block itself.  No
   comparison of `len' with the expected length (the digest length, or
   data_len when no hash is used) is visible in this listing; original
   lines 681-684 are missing.  If there is none, a payload shorter than the
   expected value is accepted on a prefix match.  The length should be
   checked for equality before the bytes are compared. */
685 if (memcmp(data, unpadded, len))
688 memset(verify, 0, verify_len);
689 memset(unpadded, 0, sizeof(unpadded));
691 silc_mp_uninit(&mp_tmp2);
692 silc_mp_uninit(&mp_dst);
694 memset(hashr, 0, sizeof(hashr));