* Decryption:
* m = c ^ d mod n
*
- * This code is based on SSH's (Secure Shell), PGP's (Pretty Good Privacy)
- * and RSAREF Toolkit's RSA source codes. They all were a big help for me.
+ * The SSH's (Secure Shell), PGP's (Pretty Good Privacy) and RSAREF
+ * Toolkit were used as reference when coding this implementation. They
+ * all were a big help for me.
*
* I also suggest reading Bruce Schneier's; Applied Cryptography, Second
* Edition, John Wiley & Sons, Inc. 1996. This book deals about RSA and
The `tmplen' in encrypt, decrypt, sign and verify PKCS API functions
is now calculated by (key->bits + 7) / 8. It is the length of one block.
+ o Sat Mar 16 18:27:19 EET 2002 Pekka
+
+ Use the SilcRng sent as argument to SILC_PKCS_API_INIT in prime
+ generation.
+
+ o Sat Sep 26 19:59:48 EEST 2002 Pekka
+
+ Fixed double free in public key setting. Use a bit larger e as
+ starting point in key generation.
+
*/
#include "silcincludes.h"
+#include "rsa_internal.h"
#include "rsa.h"
/*
SILC_PKCS_API_INIT(rsa)
{
- uint32 prime_bits = keylen / 2;
+ SilcUInt32 prime_bits = keylen / 2;
SilcMPInt p, q;
+ bool found = FALSE;
printf("Generating RSA Public and Private keys, might take a while...\n");
silc_mp_init(&q);
/* Find p and q */
- retry_primes:
- printf("Finding p: ");
- silc_math_gen_prime(&p, prime_bits, TRUE);
-
- printf("\nFinding q: ");
- silc_math_gen_prime(&q, prime_bits, TRUE);
-
- if ((silc_mp_cmp(&p, &q)) == 0) {
- printf("\nFound equal primes, not good, retrying...\n");
- goto retry_primes;
+ while (!found) {
+ printf("Finding p: ");
+ silc_math_gen_prime(&p, prime_bits, TRUE, rng);
+
+ printf("\nFinding q: ");
+ silc_math_gen_prime(&q, prime_bits, TRUE, rng);
+
+ if ((silc_mp_cmp(&p, &q)) == 0)
+ printf("\nFound equal primes, not good, retrying...\n");
+ else
+ found = TRUE;
}
/* If p is smaller than q, switch them */
silc_mp_uninit(&p);
silc_mp_uninit(&q);
- printf("\nKeys generated succesfully.\n");
+ printf("\nKeys generated successfully.\n");
return TRUE;
}
{
RsaKey *key = (RsaKey *)context;
unsigned char *e, *n, *ret;
- uint32 e_len, n_len;
+ SilcUInt32 e_len, n_len;
unsigned char tmp[4];
e = silc_mp_mp2bin(&key->e, 0, &e_len);
- n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len);
+ n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len);
*ret_len = e_len + 4 + n_len + 4;
ret = silc_calloc(*ret_len, sizeof(unsigned char));
{
RsaKey *key = (RsaKey *)context;
unsigned char *e, *n, *d, *ret;
- uint32 e_len, n_len, d_len;
+ SilcUInt32 e_len, n_len, d_len;
unsigned char tmp[4];
e = silc_mp_mp2bin(&key->e, 0, &e_len);
- n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len);
+ n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len);
d = silc_mp_mp2bin(&key->d, 0, &d_len);
*ret_len = e_len + 4 + n_len + 4 + d_len + 4;
{
RsaKey *key = (RsaKey *)context;
unsigned char tmp[4];
- uint32 e_len, n_len;
+ SilcUInt32 e_len, n_len;
+
+ if (key->pub_set) {
+ silc_mp_uninit(&key->e);
+ silc_mp_uninit(&key->n);
+ key->pub_set = FALSE;
+ }
+
+ if (key_len < 4)
+ return 0;
silc_mp_init(&key->e);
silc_mp_init(&key->n);
memcpy(tmp, key_data, 4);
SILC_GET32_MSB(e_len, tmp);
- if (e_len > key_len) {
+ if (!e_len || e_len + 4 > key_len) {
silc_mp_uninit(&key->e);
silc_mp_uninit(&key->n);
return 0;
}
silc_mp_bin2mp(key_data + 4, e_len, &key->e);
-
+
+ if (key_len < 4 + e_len + 4) {
+ silc_mp_uninit(&key->e);
+ silc_mp_uninit(&key->n);
+ return 0;
+ }
+
memcpy(tmp, key_data + 4 + e_len, 4);
SILC_GET32_MSB(n_len, tmp);
- if (e_len + n_len > key_len) {
+ if (!n_len || e_len + 4 + n_len + 4 > key_len) {
silc_mp_uninit(&key->e);
silc_mp_uninit(&key->n);
return 0;
silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n);
- key->bits = n_len * 8;
+ key->bits = silc_mp_sizeinbase(&key->n, 2);
+ key->pub_set = TRUE;
return key->bits;
}
{
RsaKey *key = (RsaKey *)context;
unsigned char tmp[4];
- uint32 e_len, n_len, d_len;
+ SilcUInt32 e_len, n_len, d_len;
+
+ if (key->prv_set) {
+ silc_mp_uninit(&key->d);
+ key->prv_set = FALSE;
+ }
+
+ if (key->pub_set) {
+ silc_mp_uninit(&key->e);
+ silc_mp_uninit(&key->n);
+ key->pub_set = FALSE;
+ }
+
+ if (key_len < 4)
+ return FALSE;
silc_mp_init(&key->e);
silc_mp_init(&key->n);
memcpy(tmp, key_data, 4);
SILC_GET32_MSB(e_len, tmp);
- if (e_len > key_len) {
+ if (e_len + 4 > key_len) {
silc_mp_uninit(&key->e);
silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->d);
return FALSE;
}
silc_mp_bin2mp(key_data + 4, e_len, &key->e);
+ if (key_len < e_len + 4 + 4) {
+ silc_mp_uninit(&key->e);
+ silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->d);
+ return FALSE;
+ }
+
memcpy(tmp, key_data + 4 + e_len, 4);
SILC_GET32_MSB(n_len, tmp);
- if (e_len + n_len > key_len) {
+ if (e_len + 4 + n_len + 4 > key_len) {
silc_mp_uninit(&key->e);
silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->d);
return FALSE;
}
silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n);
+ if (key_len < e_len + 4 + n_len + 4 + 4) {
+ silc_mp_uninit(&key->e);
+ silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->d);
+ return FALSE;
+ }
+
memcpy(tmp, key_data + 4 + e_len + 4 + n_len, 4);
SILC_GET32_MSB(d_len, tmp);
- if (e_len + n_len + d_len > key_len) {
+ if (e_len + 4 + n_len + 4 + d_len + 4 > key_len) {
silc_mp_uninit(&key->e);
silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->d);
return FALSE;
}
silc_mp_bin2mp(key_data + 4 + e_len + 4 + n_len + 4, d_len, &key->d);
- key->bits = n_len * 8;
+ key->bits = silc_mp_sizeinbase(&key->n, 2);
+ key->prv_set = TRUE;
+ key->pub_set = TRUE;
- return TRUE;
+ return key->bits;
}
SILC_PKCS_API_CONTEXT_LEN(rsa)
SILC_PKCS_API_ENCRYPT(rsa)
{
RsaKey *key = (RsaKey *)context;
- int i, tmplen;
+ int tmplen;
SilcMPInt mp_tmp;
SilcMPInt mp_dst;
silc_mp_init(&mp_tmp);
silc_mp_init(&mp_dst);
- silc_mp_set_ui(&mp_tmp, 0);
- silc_mp_set_ui(&mp_dst, 0);
/* Format the data into MP int */
- for (i = 0; i < src_len; i++) {
- silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8);
- silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]);
- }
+ silc_mp_bin2mp(src, src_len, &mp_tmp);
/* Encrypt */
rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n);
tmplen = (key->bits + 7) / 8;
/* Format the MP int back into data */
- for (i = tmplen; i > 0; i--) {
- dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff);
- silc_mp_div_2exp(&mp_dst, &mp_dst, 8);
- }
+ silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen);
*dst_len = tmplen;
silc_mp_uninit(&mp_tmp);
SILC_PKCS_API_DECRYPT(rsa)
{
RsaKey *key = (RsaKey *)context;
- int i, tmplen;
+ int tmplen;
SilcMPInt mp_tmp;
SilcMPInt mp_dst;
silc_mp_init(&mp_tmp);
silc_mp_init(&mp_dst);
- silc_mp_set_ui(&mp_tmp, 0);
- silc_mp_set_ui(&mp_dst, 0);
/* Format the data into MP int */
- for (i = 0; i < src_len; i++) {
- silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8);
- silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]);
- }
+ silc_mp_bin2mp(src, src_len, &mp_tmp);
/* Decrypt */
rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n);
tmplen = (key->bits + 7) / 8;
/* Format the MP int back into data */
- for (i = tmplen; i > 0; i--) {
- dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff);
- silc_mp_div_2exp(&mp_dst, &mp_dst, 8);
- }
+ silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen);
*dst_len = tmplen;
silc_mp_uninit(&mp_tmp);
SILC_PKCS_API_SIGN(rsa)
{
RsaKey *key = (RsaKey *)context;
- int i, tmplen;
+ int tmplen;
SilcMPInt mp_tmp;
SilcMPInt mp_dst;
silc_mp_init(&mp_tmp);
silc_mp_init(&mp_dst);
- silc_mp_set_ui(&mp_tmp, 0);
- silc_mp_set_ui(&mp_dst, 0);
/* Format the data into MP int */
- for (i = 0; i < src_len; i++) {
- silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8);
- silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]);
- }
+ silc_mp_bin2mp(src, src_len, &mp_tmp);
/* Sign */
rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n);
tmplen = (key->bits + 7) / 8;
/* Format the MP int back into data */
- for (i = tmplen; i > 0; i--) {
- dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff);
- silc_mp_div_2exp(&mp_dst, &mp_dst, 8);
- }
+ silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen);
*dst_len = tmplen;
silc_mp_uninit(&mp_tmp);
SILC_PKCS_API_VERIFY(rsa)
{
RsaKey *key = (RsaKey *)context;
- int i, ret;
+ int ret;
SilcMPInt mp_tmp, mp_tmp2;
SilcMPInt mp_dst;
silc_mp_init(&mp_tmp);
silc_mp_init(&mp_tmp2);
silc_mp_init(&mp_dst);
- silc_mp_set_ui(&mp_tmp, 0);
- silc_mp_set_ui(&mp_tmp2, 0);
- silc_mp_set_ui(&mp_dst, 0);
/* Format the signature into MP int */
- for (i = 0; i < signature_len; i++) {
- silc_mp_mul_2exp(&mp_tmp2, &mp_tmp2, 8);
- silc_mp_add_ui(&mp_tmp2, &mp_tmp2, signature[i]);
- }
+ silc_mp_bin2mp(signature, signature_len, &mp_tmp2);
/* Verify */
rsa_en_de_crypt(&mp_dst, &mp_tmp2, &key->e, &key->n);
/* Format the data into MP int */
- for (i = 0; i < data_len; i++) {
- silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8);
- silc_mp_add_ui(&mp_tmp, &mp_tmp, data[i]);
- }
+ silc_mp_bin2mp(data, data_len, &mp_tmp);
ret = TRUE;
to compute the modulus n has to be generated before calling this. They
are then sent as argument for the function. */
-void rsa_generate_keys(RsaKey *key, uint32 bits,
+void rsa_generate_keys(RsaKey *key, SilcUInt32 bits,
SilcMPInt *p, SilcMPInt *q)
{
SilcMPInt phi, hlp;
SilcMPInt pm1, qm1;
/* Initialize variables */
- silc_mp_init(&key->p);
- silc_mp_init(&key->q);
silc_mp_init(&key->n);
silc_mp_init(&key->e);
silc_mp_init(&key->d);
/* Set modulus length */
key->bits = bits;
- /* Set the primes */
- silc_mp_set(&key->p, p);
- silc_mp_set(&key->q, q);
-
/* Compute modulus, n = p * q */
- silc_mp_mul(&key->n, &key->p, &key->q);
+ silc_mp_mul(&key->n, p, q);
/* phi = (p - 1) * (q - 1) */
- silc_mp_sub_ui(&pm1, &key->p, 1);
- silc_mp_sub_ui(&qm1, &key->q, 1);
+ silc_mp_sub_ui(&pm1, p, 1);
+ silc_mp_sub_ui(&qm1, q, 1);
silc_mp_mul(&phi, &pm1, &qm1);
/* Set e, the public exponent. We try to use same public exponent
for all keys. Also, to make encryption faster we use small
number. */
- silc_mp_set_ui(&key->e, 127);
+ silc_mp_set_ui(&key->e, 65533);
retry_e:
/* See if e is relatively prime to phi. gcd == greates common divisor,
if gcd equals 1 they are relatively prime. */
goto retry_e;
}
- /* Find d, the private exponent. */
+ /* Find d, the private exponent, e ^ -1 mod lcm(phi). */
silc_mp_gcd(&div, &pm1, &qm1);
silc_mp_div(&lcm, &phi, &div);
silc_mp_modinv(&key->d, &key->e, &lcm);
void rsa_clear_keys(RsaKey *key)
{
key->bits = 0;
- silc_mp_uninit(&key->p);
- silc_mp_uninit(&key->q);
- silc_mp_uninit(&key->n);
- silc_mp_uninit(&key->e);
- silc_mp_uninit(&key->d);
+ if (key->pub_set) {
+ silc_mp_uninit(&key->n);
+ silc_mp_uninit(&key->e);
+ }
+ if (key->prv_set)
+ silc_mp_uninit(&key->d);
}
/* RSA encrypt/decrypt function. cm = ciphertext or plaintext,