diff options
author | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:52:47 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:52:47 +0000 |
commit | d02b48c63a58ea4367a0e905979f140b7d090f86 (patch) | |
tree | 504f62ed3d84799f785b9cd9fab255a21b0e1b0e /crypto/rsa | |
download | openssl-d02b48c63a58ea4367a0e905979f140b7d090f86.tar.gz |
Import of old SSLeay release: SSLeay 0.8.1b
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/Makefile.ssl | 84 | ||||
-rw-r--r-- | crypto/rsa/rsa.err | 33 | ||||
-rw-r--r-- | crypto/rsa/rsa.h | 243 | ||||
-rw-r--r-- | crypto/rsa/rsa_enc.c | 538 | ||||
-rw-r--r-- | crypto/rsa/rsa_err.c | 111 | ||||
-rw-r--r-- | crypto/rsa/rsa_gen.c | 186 | ||||
-rw-r--r-- | crypto/rsa/rsa_lib.c | 200 | ||||
-rw-r--r-- | crypto/rsa/rsa_saos.c | 153 | ||||
-rw-r--r-- | crypto/rsa/rsa_sign.c | 196 |
9 files changed, 1744 insertions, 0 deletions
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl new file mode 100644 index 0000000000..5e04ec4484 --- /dev/null +++ b/crypto/rsa/Makefile.ssl @@ -0,0 +1,84 @@ +# +# SSLeay/crypto/rsa/Makefile +# + +DIR= rsa +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=rsa +ERRC=rsa_err +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c +LIBOBJ= rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= rsa.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err new file mode 100644 index 0000000000..29f1496693 --- /dev/null +++ b/crypto/rsa/rsa.err @@ -0,0 +1,33 @@ +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 +#define RSA_F_RSA_GENERATE_KEY 104 +#define RSA_F_RSA_NEW_METHOD 105 +#define RSA_F_RSA_PRINT 106 +#define RSA_F_RSA_PRINT_FP 107 +#define RSA_F_RSA_SIGN 108 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 +#define RSA_F_RSA_VERIFY 110 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 +#define RSA_R_UNKNOWN_PADDING_TYPE 114 +#define RSA_R_WRONG_SIGNATURE_LENGTH 115 diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h new file mode 100644 index 0000000000..821e928a1c --- /dev/null +++ b/crypto/rsa/rsa.h @@ -0,0 +1,243 @@ +/* crypto/rsa/rsa.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +#define HEADER_RSA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "bn.h" + +typedef struct rsa_meth_st + { + char *name; + int (*rsa_pub_enc)(); + int (*rsa_pub_dec)(); + int (*rsa_priv_enc)(); + int (*rsa_priv_dec)(); + int (*rsa_mod_exp)(); + int (*bn_mod_exp)(); + int (*init)(/* RSA * */); /* called at new */ + int (*finish)(/* RSA * */); /* called at free */ + } RSA_METHOD; + +typedef struct rsa_st + { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + int version; + RSA_METHOD *meth; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* be carefull using this if the RSA structure is shared */ + char *app_data; + int references; + } RSA; + +#define RSA_3 0x3L +#define RSA_F4 0x10001L + +#define RSA_PKCS1_PADDING 11 +#define RSA_SSLV23_PADDING 12 + +#ifndef NOPROTO +RSA * RSA_new(void); +RSA * RSA_new_method(RSA_METHOD *method); +int RSA_size(RSA *); +RSA * RSA_generate_key(int bits, unsigned long e,void + (*callback)(int,int)); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +void RSA_free (RSA *r); + +void RSA_set_default_method(RSA_METHOD *meth); + +/* If you have RSAref compiled in. */ +/* RSA_METHOD *RSA_PKCS1_RSAref(void); */ + +/* these are the actual SSLeay RSA functions */ +RSA_METHOD *RSA_PKCS1_SSLeay(void); + +void ERR_load_RSA_strings(void ); + +RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); +int i2d_RSAPublicKey(RSA *a, unsigned char **pp); +RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); +#ifndef WIN16 +int RSA_print_fp(FILE *fp, RSA *r,int offset); +#endif + +#ifdef HEADER_BIO_H +int RSA_print(BIO *bp, RSA *r,int offset); +#endif + +int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); +RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); + +/* The following 2 functions sign and verify a X509_SIG ASN1 object + * inside PKCS#1 padded RSA encryption */ +int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* The following 2 function sign and verify a ASN1_OCTET_STRING + * object inside PKCS#1 padded RSA encryption */ +int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +#else + +RSA * RSA_new(); +RSA * RSA_new_method(); +int RSA_size(); +RSA * RSA_generate_key(); +int RSA_public_encrypt(); +int RSA_private_encrypt(); +int RSA_public_decrypt(); +int RSA_private_decrypt(); +void RSA_free (); + +void RSA_set_default_method(); + +/* RSA_METHOD *RSA_PKCS1_RSAref(); */ +RSA_METHOD *RSA_PKCS1_SSLeay(); + +void ERR_load_RSA_strings(); + +RSA * d2i_RSAPublicKey(); +int i2d_RSAPublicKey(); +RSA * d2i_RSAPrivateKey(); +int i2d_RSAPrivateKey(); +#ifndef WIN16 +int RSA_print_fp(); +#endif + +int RSA_print(); + +int i2d_Netscape_RSA(); +RSA *d2i_Netscape_RSA(); + +int RSA_sign(); +int RSA_verify(); + +int RSA_sign_ASN1_OCTET_STRING(); +int RSA_verify_ASN1_OCTET_STRING(); + + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 +#define RSA_F_RSA_GENERATE_KEY 104 +#define RSA_F_RSA_NEW_METHOD 105 +#define RSA_F_RSA_PRINT 106 +#define RSA_F_RSA_PRINT_FP 107 +#define RSA_F_RSA_SIGN 108 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 +#define RSA_F_RSA_VERIFY 110 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 +#define RSA_R_UNKNOWN_PADDING_TYPE 114 +#define RSA_R_WRONG_SIGNATURE_LENGTH 115 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/rsa/rsa_enc.c b/crypto/rsa/rsa_enc.c new file mode 100644 index 0000000000..c4a4ad5a60 --- /dev/null +++ b/crypto/rsa/rsa_enc.c @@ -0,0 +1,538 @@ +/* crypto/rsa/rsa_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +#ifndef NOPROTO +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +#else +static int RSA_eay_public_encrypt(); +static int RSA_eay_private_encrypt(); +static int RSA_eay_public_decrypt(); +static int RSA_eay_private_decrypt(); +static int RSA_eay_mod_exp(); +#endif + +static RSA_METHOD rsa_pkcs1_eay_meth={ + "Eric Young's PKCS#1 RSA", + RSA_eay_public_encrypt, + RSA_eay_public_decrypt, + RSA_eay_private_encrypt, + RSA_eay_private_decrypt, + RSA_eay_mod_exp, + BN_mod_exp, + NULL, + NULL, + }; + +RSA_METHOD *RSA_PKCS1_SSLeay() + { + return(&rsa_pkcs1_eay_meth); + } + +static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ( (padding != RSA_PKCS1_PADDING) && + (padding != RSA_SSLV23_PADDING)) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + if (flen > (num-11)) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + p=(unsigned char *)buf; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=num-3-flen; + + RAND_bytes(p,j); + for (i=0; i<j; i++) + { + if (*p == '\0') + do { + RAND_bytes(p,1); + } while (*p == '\0'); + p++; + } + + if (padding == RSA_SSLV23_PADDING) + memset(&(p[-8]),3,8); + + *(p++)='\0'; + + memcpy(p,from,(unsigned int)flen); + + f=BN_new(); + ret=BN_new(); + if ((f == NULL) || (ret == NULL)) goto err; + + if (BN_bin2bn(buf,num,f) == NULL) goto err; + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if (padding != RSA_PKCS1_PADDING) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + if (flen > (num-11)) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + p=buf; + + *(p++)=0; + *(p++)=1; /* Private Key BT (Block Type) */ + + /* padd out with 0xff data */ + j=num-3-flen; + for (i=0; i<j; i++) + *(p++)=0xff; + *(p++)='\0'; + memcpy(p,from,(unsigned int)flen); + ret=BN_new(); + f=BN_new(); + if ((ret == NULL) || (f == NULL)) goto err; + if (BN_bin2bn(buf,num,f) == NULL) goto err; + if ( (rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; } + + p=buf; + BN_bn2bin(ret,p); + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (ret != NULL) BN_free(ret); + if (f != NULL) BN_free(f); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ((padding != RSA_PKCS1_PADDING) && (padding != RSA_SSLV23_PADDING)) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + ret=BN_new(); + f=BN_new(); + if ((ret == NULL) || (f == NULL)) goto err; + if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; + /* do the decrypt */ + if ( (rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; } + + p=buf; + BN_bn2bin(ret,p); + + /* BT must be 02 */ + if (*(p++) != 02) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_02); + goto err; + } + + /* scan over padding data */ + j=num-2; /* one for type and one for the prepended 0. */ + for (i=0; i<j; i++) + if (*(p++) == 0) break; + + if (i == j) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_NULL_BEFORE_BLOCK_MISSING); + goto err; + } + + if (i < 8) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_BAD_PAD_BYTE_COUNT); + goto err; + } + +#undef RSA_DEBUG +#ifdef RSA_DEBUG + { + int z; + unsigned char *q; + q= &(p[-9]); + fprintf(stderr,"\n"); + for (z=0; z<8; z++) fprintf(stderr,"%02X",q[z]); + fprintf(stderr,"\n"); + } +#endif + + if (padding == RSA_SSLV23_PADDING) + { + int z; + unsigned char *q; + + /* -9 because we have jumped the '\0' */ + q= &(p[-9]); + for (z=0; z<8; z++) + { + if (*(q++) != 0x03) + break; + } + if (z == 8) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_SSLV3_ROLLBACK_ATTACK); + goto err; + } + } + + /* skip over the '\0' */ + i++; + j-=i; + + /* output data */ + memcpy(to,p,(unsigned int)j); + r=j; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_public_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if (padding != RSA_PKCS1_PADDING) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + f=BN_new(); + ret=BN_new(); + if ((f == NULL) || (ret == NULL)) goto err; + + if (BN_bin2bn(from,flen,f) == NULL) goto err; + /* do the decrypt */ + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err; + + p=buf; + i=BN_bn2bin(ret,p); + + /* BT must be 01 */ + if (*(p++) != 01) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_01); + goto err; + } + + /* scan over padding data */ + j=num-2; /* one for type and one for the prepended 0. */ + for (i=0; i<j; i++) + { + if (*p != 0xff) /* should decrypt to 0xff */ + { + if (*p == 0) + { p++; break; } + else { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BAD_FIXED_HEADER_DECRYPT); + goto err; + } + } + p++; + } + if (i == j) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_NULL_BEFORE_BLOCK_MISSING); + goto err; + } + if (i < 8) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BAD_PAD_BYTE_COUNT); + goto err; + } + + /* skip over the '\0' */ + i++; + j-=i; + + /* output data */ + memcpy(to,p,(unsigned int)j); + r=j; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_mod_exp(r0, I, rsa) +BIGNUM *r0; +BIGNUM *I; +RSA *rsa; + { + BIGNUM *r1=NULL,*m1=NULL; + int ret=0; + BN_CTX *ctx; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + m1=BN_new(); + r1=BN_new(); + if ((m1 == NULL) || (r1 == NULL)) goto err; + + if (!BN_mod(r1,I,rsa->q,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx)) goto err; + + if (!BN_mod(r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx)) goto err; + + if (!BN_add(r1,r0,rsa->p)) goto err; + if (!BN_sub(r0,r1,m1)) goto err; + + if (!BN_mul(r1,r0,rsa->iqmp)) goto err; + if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; + if (!BN_mul(r1,r0,rsa->q)) goto err; + if (!BN_add(r0,r1,m1)) goto err; + + ret=1; +err: + if (m1 != NULL) BN_free(m1); + if (r1 != NULL) BN_free(r1); + BN_CTX_free(ctx); + return(ret); + } + + diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c new file mode 100644 index 0000000000..04a5ba201f --- /dev/null +++ b/crypto/rsa/rsa_err.c @@ -0,0 +1,111 @@ +/* lib/rsa/rsa_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include <stdio.h> +#include "err.h" +#include "rsa.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA RSA_str_functs[]= + { +{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, +{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, +{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, +{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, +{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, +{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, +{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, +{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, +{0,NULL}, + }; + +static ERR_STRING_DATA RSA_str_reasons[]= + { +{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, +{RSA_R_BAD_E_VALUE ,"bad e value"}, +{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, +{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, +{RSA_R_BAD_SIGNATURE ,"bad signature"}, +{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, +{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, +{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, +{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, +{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, +{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, +{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, +{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, +{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, +{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, +{0,NULL}, + }; + +void ERR_load_RSA_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); + ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); + } + } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c new file mode 100644 index 0000000000..0cab3a5d73 --- /dev/null +++ b/crypto/rsa/rsa_gen.c @@ -0,0 +1,186 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <time.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" + +RSA *RSA_generate_key(bits, e_value, callback) +int bits; +unsigned long e_value; +void (*callback)(P_I_I); + { + RSA *rsa=NULL; + BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; + int bitsp,bitsq,ok= -1,n=0; + BN_CTX *ctx=NULL,*ctx2=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + ctx2=BN_CTX_new(); + if (ctx2 == NULL) goto err; + r0=ctx->bn[0]; + r1=ctx->bn[1]; + r2=ctx->bn[2]; + r3=ctx->bn[3]; + ctx->tos+=4; + + bitsp=(bits+1)/2; + bitsq=bits-bitsp; + rsa=RSA_new(); + if (rsa == NULL) goto err; + + /* set e */ + rsa->e=BN_new(); + if (rsa->e == NULL) goto err; + if (!BN_set_word(rsa->e,e_value)) goto err; + + /* generate p and q */ + for (;;) + { + rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback); + if (rsa->p == NULL) goto err; + if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1)) break; + if (callback != NULL) callback(2,n++); + BN_free(rsa->p); + } + if (callback != NULL) callback(3,0); + for (;;) + { + rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback); + if (rsa->q == NULL) goto err; + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) + break; + if (callback != NULL) callback(2,n++); + BN_free(rsa->q); + } + if (callback != NULL) callback(3,1); + if (BN_cmp(rsa->p,rsa->q) < 0) + { + tmp=rsa->p; + rsa->p=rsa->q; + rsa->q=tmp; + } + + /* calculate n */ + rsa->n=BN_new(); + if (rsa->n == NULL) goto err; + if (!BN_mul(rsa->n,rsa->p,rsa->q)) goto err; + + /* calculate d */ + if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ + if (!BN_mul(r0,r1,r2)) goto err; /* (p-1)(q-1) */ + +/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ +/* for (;;) + { + if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; + if (BN_is_one(r3)) break; + + if (1) + { + if (!BN_add_word(rsa->e,2L)) goto err; + continue; + } + RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); + goto err; + } +*/ + rsa->d=(BIGNUM *)BN_mod_inverse(rsa->e,r0,ctx2); /* d */ + if (rsa->d == NULL) goto err; + + /* calculate d mod (p-1) */ + rsa->dmp1=BN_new(); + if (rsa->dmp1 == NULL) goto err; + if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; + + /* calculate d mod (q-1) */ + rsa->dmq1=BN_new(); + if (rsa->dmq1 == NULL) goto err; + if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; + + /* calculate inverse of q mod p */ + rsa->iqmp=BN_mod_inverse(rsa->q,rsa->p,ctx2); + if (rsa->iqmp == NULL) goto err; + + ok=1; +err: + if (ok == -1) + { + RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); + ok=0; + } + BN_CTX_free(ctx); + BN_CTX_free(ctx2); + + if (!ok) + { + if (rsa != NULL) RSA_free(rsa); + return(NULL); + } + else + return(rsa); + } + diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c new file mode 100644 index 0000000000..c49d0ee0c3 --- /dev/null +++ b/crypto/rsa/rsa_lib.c @@ -0,0 +1,200 @@ +/* crypto/rsa/rsa_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" + +char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998"; + +static RSA_METHOD *default_RSA_meth=NULL; + +RSA *RSA_new() + { + return(RSA_new_method(NULL)); + } + +void RSA_set_default_method(meth) +RSA_METHOD *meth; + { + default_RSA_meth=meth; + } + +RSA *RSA_new_method(meth) +RSA_METHOD *meth; + { + RSA *ret; + + if (default_RSA_meth == NULL) + { +#ifdef RSAref + default_RSA_meth=RSA_PKCS1_RSAref(); +#else + default_RSA_meth=RSA_PKCS1_SSLeay(); +#endif + } + ret=(RSA *)Malloc(sizeof(RSA)); + if (ret == NULL) + { + RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return(NULL); + } + + if (meth == NULL) + ret->meth=default_RSA_meth; + else + ret->meth=meth; + + ret->pad=0; + ret->version=0; + ret->n=NULL; + ret->e=NULL; + ret->d=NULL; + ret->p=NULL; + ret->q=NULL; + ret->dmp1=NULL; + ret->dmq1=NULL; + ret->iqmp=NULL; + ret->references=1; + ret->app_data=NULL; + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + Free(ret); + ret=NULL; + } + return(ret); + } + +void RSA_free(r) +RSA *r; + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"RSA_free, bad reference count\n"); + abort(); + } +#endif + + if (r->meth->finish != NULL) + r->meth->finish(r); + + if (r->n != NULL) BN_clear_free(r->n); + if (r->e != NULL) BN_clear_free(r->e); + if (r->d != NULL) BN_clear_free(r->d); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->dmp1 != NULL) BN_clear_free(r->dmp1); + if (r->dmq1 != NULL) BN_clear_free(r->dmq1); + if (r->iqmp != NULL) BN_clear_free(r->iqmp); + Free(r); + } + +int RSA_size(r) +RSA *r; + { + return(BN_num_bytes(r->n)); + } + +int RSA_public_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + } + +int RSA_public_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + } + diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c new file mode 100644 index 0000000000..62c211231a --- /dev/null +++ b/crypto/rsa/rsa_saos.c @@ -0,0 +1,153 @@ +/* crypto/rsa/rsa_saos.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "objects.h" +#include "x509.h" + +int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa) +int type; +unsigned char *m; +unsigned int m_len; +unsigned char *sigret; +unsigned int *siglen; +RSA *rsa; + { + ASN1_OCTET_STRING sig; + int i,j,ret=1; + unsigned char *p,*s; + + sig.type=V_ASN1_OCTET_STRING; + sig.length=m_len; + sig.data=m; + + i=i2d_ASN1_OCTET_STRING(&sig,NULL); + j=RSA_size(rsa); + if ((i-RSA_PKCS1_PADDING) > j) + { + RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + s=(unsigned char *)Malloc((unsigned int)j+1); + if (s == NULL) + { + RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + return(0); + } + p=s; + i2d_ASN1_OCTET_STRING(&sig,&p); + i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + ret=0; + else + *siglen=i; + + memset(s,0,(unsigned int)j+1); + Free(s); + return(ret); + } + +int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa) +int dtype; +unsigned char *m; +unsigned int m_len; +unsigned char *sigbuf; +unsigned int siglen; +RSA *rsa; + { + int i,ret=0; + unsigned char *p,*s; + ASN1_OCTET_STRING *sig=NULL; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + s=(unsigned char *)Malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + goto err; + } + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + p=s; + sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); + if (sig == NULL) goto err; + + if ( ((unsigned int)sig->length != m_len) || + (memcmp(m,sig->data,m_len) != 0)) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); + } + else + ret=1; +err: + if (sig != NULL) ASN1_OCTET_STRING_free(sig); + memset(s,0,(unsigned int)siglen); + Free(s); + return(ret); + } + diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c new file mode 100644 index 0000000000..7c815ed257 --- /dev/null +++ b/crypto/rsa/rsa_sign.c @@ -0,0 +1,196 @@ +/* crypto/rsa/rsa_sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "objects.h" +#include "x509.h" + +int RSA_sign(type,m,m_len,sigret,siglen,rsa) +int type; +unsigned char *m; +unsigned int m_len; +unsigned char *sigret; +unsigned int *siglen; +RSA *rsa; + { + X509_SIG sig; + ASN1_TYPE parameter; + int i,j,ret=1; + unsigned char *p,*s; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; + + sig.algor= &algor; + sig.algor->algorithm=OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); + return(0); + } + if (sig.algor->algorithm->length == 0) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + return(0); + } + parameter.type=V_ASN1_NULL; + parameter.value.ptr=NULL; + sig.algor->parameter= ¶meter; + + sig.digest= &digest; + sig.digest->data=m; + sig.digest->length=m_len; + + i=i2d_X509_SIG(&sig,NULL); + j=RSA_size(rsa); + if ((i-RSA_PKCS1_PADDING) > j) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + s=(unsigned char *)Malloc((unsigned int)j+1); + if (s == NULL) + { + RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); + return(0); + } + p=s; + i2d_X509_SIG(&sig,&p); + i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + ret=0; + else + *siglen=i; + + memset(s,0,(unsigned int)j+1); + Free(s); + return(ret); + } + +int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa) +int dtype; +unsigned char *m; +unsigned int m_len; +unsigned char *sigbuf; +unsigned int siglen; +RSA *rsa; + { + int i,ret=0,sigtype; + unsigned char *p,*s; + X509_SIG *sig=NULL; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + s=(unsigned char *)Malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + p=s; + sig=d2i_X509_SIG(NULL,&p,(long)i); + if (sig == NULL) goto err; + sigtype=OBJ_obj2nid(sig->algor->algorithm); + +#ifdef RSA_DEBUG + /* put a backward compatability flag in EAY */ + fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), + OBJ_nid2ln(dtype)); +#endif + if (sigtype != dtype) + { + if (((dtype == NID_md5) && + (sigtype == NID_md5WithRSAEncryption)) || + ((dtype == NID_md2) && + (sigtype == NID_md2WithRSAEncryption))) + { + /* ok, we will let it through */ +#ifndef WIN16 + fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); +#endif + } + else + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH); + goto err; + } + } + if ( ((unsigned int)sig->digest->length != m_len) || + (memcmp(m,sig->digest->data,m_len) != 0)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + } + else + ret=1; +err: + if (sig != NULL) X509_SIG_free(sig); + memset(s,0,(unsigned int)siglen); + Free(s); + return(ret); + } + |