X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/54096dccf20f64fca587539528a26ee8dec1f4a3..HEAD:/rsa.c diff --git a/rsa.c b/rsa.c index 2456b27e..bec1d190 100644 --- a/rsa.c +++ b/rsa.c @@ -1,151 +1,80 @@ +/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ /* - * - * rsa.c - * * Author: Tatu Ylonen - * * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved - * - * Created: Fri Mar 3 22:07:06 1995 ylo - * - * Description of the RSA algorithm can be found e.g. from the following sources: - * + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * + * Copyright (c) 1999 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * Description of the RSA algorithm can be found e.g. from the following + * sources: + * * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. - * + * * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to * Computer Security. Prentice-Hall, 1989. - * + * * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, * 1994. - * + * * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications * System and Method. US Patent 4,405,829, 1983. - * + * * Hans Riesel: Prime Numbers and Computer Methods for Factorization. * Birkhauser, 1994. - * - * The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995. - * - * RSA in 3 lines of perl by Adam Back , 1995, as included - * below: - * + * + * The RSA Frequently Asked Questions document by RSA Data Security, + * Inc., 1995. + * + * RSA in 3 lines of perl by Adam Back , 1995, as + * included below: + * * [gone - had to be deleted - what a pity] - * -*/ - -#include "includes.h" -RCSID("$Id$"); - -#include "rsa.h" -#include "ssh.h" -#include "xmalloc.h" -#include "random.h" - -int rsa_verbose = 1; - -int -rsa_alive() -{ - RSA *key; - - seed_rng(); - key = RSA_generate_key(32, 3, NULL, NULL); - if (key == NULL) - return (0); - RSA_free(key); - return (1); -} - -/* - * Key generation progress meter callback */ -void -keygen_progress(int p, int n, void *arg) -{ - const char progress_chars[] = ".o+O?"; - - if ((p < 0) || (p > (sizeof(progress_chars) - 2))) - p = sizeof(progress_chars) - 2; - putchar(progress_chars[p]); - fflush(stdout); -} - -/* - * Seed OpenSSL's random number generator - */ -void -seed_rng() -{ - char buf[64]; +#include "includes.h" - get_random_bytes(buf, sizeof(buf)); - RAND_seed(buf, sizeof(buf)); - memset(buf, 0, sizeof(buf)); -} +#include -/* - * Generates RSA public and private keys. This initializes the data - * structures; they should be freed with rsa_clear_private_key and - * rsa_clear_public_key. - */ +#include +#include -void -rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) -{ - RSA *key; - - seed_rng(); - - if (rsa_verbose) { - printf("Generating RSA keys: "); - fflush(stdout); - key = RSA_generate_key(bits, 35, keygen_progress, NULL); - printf("\n"); - } else { - key = RSA_generate_key(bits, 35, NULL, NULL); - } - if (key == NULL) - fatal("rsa_generate_key: key generation failed."); - - /* Copy public key parameters */ - pub->n = BN_new(); - BN_copy(pub->n, key->n); - pub->e = BN_new(); - BN_copy(pub->e, key->e); - - /* Copy private key parameters */ - prv->n = BN_new(); - BN_copy(prv->n, key->n); - prv->e = BN_new(); - BN_copy(prv->e, key->e); - prv->d = BN_new(); - BN_copy(prv->d, key->d); - prv->p = BN_new(); - BN_copy(prv->p, key->p); - prv->q = BN_new(); - BN_copy(prv->q, key->q); - - prv->dmp1 = BN_new(); - BN_copy(prv->dmp1, key->dmp1); - - prv->dmq1 = BN_new(); - BN_copy(prv->dmq1, key->dmq1); - - prv->iqmp = BN_new(); - BN_copy(prv->iqmp, key->iqmp); - - RSA_free(key); - - if (rsa_verbose) - printf("Key generation complete.\n"); -} +#include "xmalloc.h" +#include "rsa.h" +#include "log.h" void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) { - char *inbuf, *outbuf; + u_char *inbuf, *outbuf; int len, ilen, olen; if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) @@ -159,10 +88,11 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) BN_bn2bin(in, inbuf); if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) + RSA_PKCS1_PADDING)) <= 0) fatal("rsa_public_encrypt() failed"); - BN_bin2bn(outbuf, len, out); + if (BN_bin2bn(outbuf, len, out) == NULL) + fatal("rsa_public_encrypt: BN_bin2bn failed"); memset(outbuf, 0, olen); memset(inbuf, 0, ilen); @@ -170,10 +100,10 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) xfree(inbuf); } -void +int rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) { - char *inbuf, *outbuf; + u_char *inbuf, *outbuf; int len, ilen, olen; olen = BN_num_bytes(key->n); @@ -184,21 +114,38 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) BN_bn2bin(in, inbuf); if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, - RSA_SSLV23_PADDING)) <= 0) - fatal("rsa_private_decrypt() failed"); - - BN_bin2bn(outbuf, len, out); - + RSA_PKCS1_PADDING)) <= 0) { + error("rsa_private_decrypt() failed"); + } else { + if (BN_bin2bn(outbuf, len, out) == NULL) + fatal("rsa_private_decrypt: BN_bin2bn failed"); + } memset(outbuf, 0, olen); memset(inbuf, 0, ilen); xfree(outbuf); xfree(inbuf); + return len; } -/* Set whether to output verbose messages during key generation. */ - +/* calculate p-1 and q-1 */ void -rsa_set_verbose(int verbose) +rsa_generate_additional_parameters(RSA *rsa) { - rsa_verbose = verbose; + BIGNUM *aux; + BN_CTX *ctx; + + if ((aux = BN_new()) == NULL) + fatal("rsa_generate_additional_parameters: BN_new failed"); + if ((ctx = BN_CTX_new()) == NULL) + fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); + + if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || + (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || + (BN_sub(aux, rsa->p, BN_value_one()) == 0) || + (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) + fatal("rsa_generate_additional_parameters: BN_sub/mod failed"); + + BN_clear_free(aux); + BN_CTX_free(ctx); } +