Home | History | Annotate | Download | only in common
      1 /*
      2  * Author: Tatu Ylonen <ylo (at) cs.hut.fi>
      3  * Copyright (c) 1995 Tatu Ylonen <ylo (at) cs.hut.fi>, Espoo, Finland
      4  *                    All rights reserved
      5  *
      6  * As far as I am concerned, the code I have written for this software
      7  * can be used freely for any purpose.  Any derived versions of this
      8  * software must be clearly marked as such, and if the derived work is
      9  * incompatible with the protocol description in the RFC file, it must be
     10  * called by a name other than "ssh" or "Secure Shell".
     11  *
     12  *
     13  * Copyright (c) 1999 Niels Provos.  All rights reserved.
     14  *
     15  * Redistribution and use in source and binary forms, with or without
     16  * modification, are permitted provided that the following conditions
     17  * are met:
     18  * 1. Redistributions of source code must retain the above copyright
     19  *    notice, this list of conditions and the following disclaimer.
     20  * 2. Redistributions in binary form must reproduce the above copyright
     21  *    notice, this list of conditions and the following disclaimer in the
     22  *    documentation and/or other materials provided with the distribution.
     23  *
     24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     26  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     27  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     28  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     29  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     30  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     31  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     32  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     33  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     34  *
     35  *
     36  * Description of the RSA algorithm can be found e.g. from the following
     37  * sources:
     38  *
     39  *   Bruce Schneier: Applied Cryptography.  John Wiley & Sons, 1994.
     40  *
     41  *   Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
     42  *   Computer Security.  Prentice-Hall, 1989.
     43  *
     44  *   Man Young Rhee: Cryptography and Secure Data Communications.  McGraw-Hill,
     45  *   1994.
     46  *
     47  *   R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
     48  *   System and Method.  US Patent 4,405,829, 1983.
     49  *
     50  *   Hans Riesel: Prime Numbers and Computer Methods for Factorization.
     51  *   Birkhauser, 1994.
     52  *
     53  *   The RSA Frequently Asked Questions document by RSA Data Security,
     54  *   Inc., 1995.
     55  *
     56  *   RSA in 3 lines of perl by Adam Back <aba (at) atlax.ex.ac.uk>, 1995, as
     57  * included below:
     58  *
     59  *     [gone - had to be deleted - what a pity]
     60  */
     61 
     62 #include "includes.h"
     63 RCSID("$OpenBSD: rsa.c,v 1.24 2001/12/27 18:22:16 markus Exp $");
     64 
     65 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     66 
     67 #include "rsa.h"
     68 #include "log.h"
     69 #include "xmalloc.h"
     70 
     71 void
     72 rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
     73 {
     74 	u_char *inbuf, *outbuf;
     75 	int len, ilen, olen;
     76 
     77 	if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
     78 		fatal("rsa_public_encrypt() exponent too small or not odd");
     79 
     80 	olen = BN_num_bytes(key->n);
     81 	outbuf = xmalloc(olen);
     82 
     83 	ilen = BN_num_bytes(in);
     84 	inbuf = xmalloc(ilen);
     85 	BN_bn2bin(in, inbuf);
     86 
     87 	if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
     88 	    RSA_PKCS1_PADDING)) <= 0)
     89 		fatal("rsa_public_encrypt() failed");
     90 
     91 	BN_bin2bn(outbuf, len, out);
     92 
     93 	memset(outbuf, 0, olen);
     94 	memset(inbuf, 0, ilen);
     95 	xfree(outbuf);
     96 	xfree(inbuf);
     97 }
     98 
     99 int
    100 rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
    101 {
    102 	u_char *inbuf, *outbuf;
    103 	int len, ilen, olen;
    104 
    105 	olen = BN_num_bytes(key->n);
    106 	outbuf = xmalloc(olen);
    107 
    108 	ilen = BN_num_bytes(in);
    109 	inbuf = xmalloc(ilen);
    110 	BN_bn2bin(in, inbuf);
    111 
    112 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
    113 	    RSA_PKCS1_PADDING)) <= 0) {
    114 		error("rsa_private_decrypt() failed");
    115 	} else {
    116 		BN_bin2bn(outbuf, len, out);
    117 	}
    118 	memset(outbuf, 0, olen);
    119 	memset(inbuf, 0, ilen);
    120 	xfree(outbuf);
    121 	xfree(inbuf);
    122 	return len;
    123 }
    124 
    125 /* calculate p-1 and q-1 */
    126 void
    127 rsa_generate_additional_parameters(RSA *rsa)
    128 {
    129 	BIGNUM *aux;
    130 	BN_CTX *ctx;
    131 
    132 	if ((aux = BN_new()) == NULL)
    133 		fatal("rsa_generate_additional_parameters: BN_new failed");
    134 	if ((ctx = BN_CTX_new()) == NULL)
    135 		fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
    136 
    137 	BN_sub(aux, rsa->q, BN_value_one());
    138 	BN_mod(rsa->dmq1, rsa->d, aux, ctx);
    139 
    140 	BN_sub(aux, rsa->p, BN_value_one());
    141 	BN_mod(rsa->dmp1, rsa->d, aux, ctx);
    142 
    143 	BN_clear_free(aux);
    144 	BN_CTX_free(ctx);
    145 }
    146 
    147