|
@@ -1,269 +0,0 @@
|
1
|
|
-/*
|
2
|
|
- * Copyright (c) 2007, Cameron Rich
|
3
|
|
- *
|
4
|
|
- * All rights reserved.
|
5
|
|
- *
|
6
|
|
- * Redistribution and use in source and binary forms, with or without
|
7
|
|
- * modification, are permitted provided that the following conditions are met:
|
8
|
|
- *
|
9
|
|
- * * Redistributions of source code must retain the above copyright notice,
|
10
|
|
- * this list of conditions and the following disclaimer.
|
11
|
|
- * * Redistributions in binary form must reproduce the above copyright notice,
|
12
|
|
- * this list of conditions and the following disclaimer in the documentation
|
13
|
|
- * and/or other materials provided with the distribution.
|
14
|
|
- * * Neither the name of the axTLS project nor the names of its contributors
|
15
|
|
- * may be used to endorse or promote products derived from this software
|
16
|
|
- * without specific prior written permission.
|
17
|
|
- *
|
18
|
|
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
19
|
|
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
20
|
|
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
21
|
|
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
22
|
|
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
23
|
|
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
24
|
|
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
25
|
|
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
26
|
|
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
27
|
|
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
28
|
|
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
|
- */
|
30
|
|
-
|
31
|
|
-/**
|
32
|
|
- * Implements the RSA public encryption algorithm. Uses the bigint library to
|
33
|
|
- * perform its calculations.
|
34
|
|
- */
|
35
|
|
-
|
36
|
|
-#include <stdio.h>
|
37
|
|
-#include <string.h>
|
38
|
|
-#include <time.h>
|
39
|
|
-#include <stdlib.h>
|
40
|
|
-#include "os_port.h"
|
41
|
|
-#include "crypto.h"
|
42
|
|
-
|
43
|
|
-void RSA_priv_key_new(RSA_CTX **ctx,
|
44
|
|
- const uint8_t *modulus, int mod_len,
|
45
|
|
- const uint8_t *pub_exp, int pub_len,
|
46
|
|
- const uint8_t *priv_exp, int priv_len
|
47
|
|
-#if CONFIG_BIGINT_CRT
|
48
|
|
- , const uint8_t *p, int p_len,
|
49
|
|
- const uint8_t *q, int q_len,
|
50
|
|
- const uint8_t *dP, int dP_len,
|
51
|
|
- const uint8_t *dQ, int dQ_len,
|
52
|
|
- const uint8_t *qInv, int qInv_len
|
53
|
|
-#endif
|
54
|
|
- )
|
55
|
|
-{
|
56
|
|
- RSA_CTX *rsa_ctx;
|
57
|
|
- BI_CTX *bi_ctx;
|
58
|
|
- RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
|
59
|
|
- rsa_ctx = *ctx;
|
60
|
|
- bi_ctx = rsa_ctx->bi_ctx;
|
61
|
|
- rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
|
62
|
|
- bi_permanent(rsa_ctx->d);
|
63
|
|
-
|
64
|
|
-#ifdef CONFIG_BIGINT_CRT
|
65
|
|
- rsa_ctx->p = bi_import(bi_ctx, p, p_len);
|
66
|
|
- rsa_ctx->q = bi_import(bi_ctx, q, q_len);
|
67
|
|
- rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
|
68
|
|
- rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
|
69
|
|
- rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
|
70
|
|
- bi_permanent(rsa_ctx->dP);
|
71
|
|
- bi_permanent(rsa_ctx->dQ);
|
72
|
|
- bi_permanent(rsa_ctx->qInv);
|
73
|
|
- bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
|
74
|
|
- bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
|
75
|
|
-#endif
|
76
|
|
-}
|
77
|
|
-
|
78
|
|
-void RSA_pub_key_new(RSA_CTX **ctx,
|
79
|
|
- const uint8_t *modulus, int mod_len,
|
80
|
|
- const uint8_t *pub_exp, int pub_len)
|
81
|
|
-{
|
82
|
|
- RSA_CTX *rsa_ctx;
|
83
|
|
- BI_CTX *bi_ctx;
|
84
|
|
-
|
85
|
|
- if (*ctx) /* if we load multiple certs, dump the old one */
|
86
|
|
- RSA_free(*ctx);
|
87
|
|
-
|
88
|
|
- bi_ctx = bi_initialize();
|
89
|
|
- *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
|
90
|
|
- rsa_ctx = *ctx;
|
91
|
|
- rsa_ctx->bi_ctx = bi_ctx;
|
92
|
|
- rsa_ctx->num_octets = mod_len;
|
93
|
|
- rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
|
94
|
|
- bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
|
95
|
|
- rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
|
96
|
|
- bi_permanent(rsa_ctx->e);
|
97
|
|
-}
|
98
|
|
-
|
99
|
|
-/**
|
100
|
|
- * Free up any RSA context resources.
|
101
|
|
- */
|
102
|
|
-void RSA_free(RSA_CTX *rsa_ctx)
|
103
|
|
-{
|
104
|
|
- BI_CTX *bi_ctx;
|
105
|
|
- if (rsa_ctx == NULL) /* deal with ptrs that are null */
|
106
|
|
- return;
|
107
|
|
-
|
108
|
|
- bi_ctx = rsa_ctx->bi_ctx;
|
109
|
|
-
|
110
|
|
- bi_depermanent(rsa_ctx->e);
|
111
|
|
- bi_free(bi_ctx, rsa_ctx->e);
|
112
|
|
- bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
|
113
|
|
-
|
114
|
|
- if (rsa_ctx->d)
|
115
|
|
- {
|
116
|
|
- bi_depermanent(rsa_ctx->d);
|
117
|
|
- bi_free(bi_ctx, rsa_ctx->d);
|
118
|
|
-#ifdef CONFIG_BIGINT_CRT
|
119
|
|
- bi_depermanent(rsa_ctx->dP);
|
120
|
|
- bi_depermanent(rsa_ctx->dQ);
|
121
|
|
- bi_depermanent(rsa_ctx->qInv);
|
122
|
|
- bi_free(bi_ctx, rsa_ctx->dP);
|
123
|
|
- bi_free(bi_ctx, rsa_ctx->dQ);
|
124
|
|
- bi_free(bi_ctx, rsa_ctx->qInv);
|
125
|
|
- bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
|
126
|
|
- bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
|
127
|
|
-#endif
|
128
|
|
- }
|
129
|
|
-
|
130
|
|
- bi_terminate(bi_ctx);
|
131
|
|
- free(rsa_ctx);
|
132
|
|
-}
|
133
|
|
-
|
134
|
|
-/**
|
135
|
|
- * @brief Use PKCS1.5 for decryption/verification.
|
136
|
|
- * @param ctx [in] The context
|
137
|
|
- * @param in_data [in] The data to encrypt (must be < modulus size-11)
|
138
|
|
- * @param out_data [out] The encrypted data.
|
139
|
|
- * @param is_decryption [in] Decryption or verify operation.
|
140
|
|
- * @return The number of bytes that were originally encrypted. -1 on error.
|
141
|
|
- * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
|
142
|
|
- */
|
143
|
|
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
|
144
|
|
- uint8_t *out_data, int is_decryption)
|
145
|
|
-{
|
146
|
|
- const int byte_size = ctx->num_octets;
|
147
|
|
- int i, size;
|
148
|
|
- bigint *decrypted_bi, *dat_bi;
|
149
|
|
- uint8_t *block = (uint8_t *)alloca(byte_size);
|
150
|
|
-
|
151
|
|
- memset(out_data, 0, byte_size); /* initialise */
|
152
|
|
-
|
153
|
|
- /* decrypt */
|
154
|
|
- dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
|
155
|
|
-#ifdef CONFIG_SSL_CERT_VERIFICATION
|
156
|
|
- decrypted_bi = is_decryption ? /* decrypt or verify? */
|
157
|
|
- RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
|
158
|
|
-#else /* always a decryption */
|
159
|
|
- decrypted_bi = RSA_private(ctx, dat_bi);
|
160
|
|
-#endif
|
161
|
|
-
|
162
|
|
- /* convert to a normal block */
|
163
|
|
- bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
|
164
|
|
-
|
165
|
|
- i = 10; /* start at the first possible non-padded byte */
|
166
|
|
-
|
167
|
|
-#ifdef CONFIG_SSL_CERT_VERIFICATION
|
168
|
|
- if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
|
169
|
|
- {
|
170
|
|
- while (block[i++] == 0xff && i < byte_size);
|
171
|
|
-
|
172
|
|
- if (block[i-2] != 0xff)
|
173
|
|
- i = byte_size; /*ensure size is 0 */
|
174
|
|
- }
|
175
|
|
- else /* PKCS1.5 encryption padding is random */
|
176
|
|
-#endif
|
177
|
|
- {
|
178
|
|
- while (block[i++] && i < byte_size);
|
179
|
|
- }
|
180
|
|
- size = byte_size - i;
|
181
|
|
-
|
182
|
|
- /* get only the bit we want */
|
183
|
|
- if (size > 0)
|
184
|
|
- memcpy(out_data, &block[i], size);
|
185
|
|
-
|
186
|
|
- return size ? size : -1;
|
187
|
|
-}
|
188
|
|
-
|
189
|
|
-/**
|
190
|
|
- * Performs m = c^d mod n
|
191
|
|
- */
|
192
|
|
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
|
193
|
|
-{
|
194
|
|
-#ifdef CONFIG_BIGINT_CRT
|
195
|
|
- return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
|
196
|
|
-#else
|
197
|
|
- BI_CTX *ctx = c->bi_ctx;
|
198
|
|
- ctx->mod_offset = BIGINT_M_OFFSET;
|
199
|
|
- return bi_mod_power(ctx, bi_msg, c->d);
|
200
|
|
-#endif
|
201
|
|
-}
|
202
|
|
-
|
203
|
|
-#ifdef CONFIG_SSL_FULL_MODE
|
204
|
|
-/**
|
205
|
|
- * Used for diagnostics.
|
206
|
|
- */
|
207
|
|
-void RSA_print(const RSA_CTX *rsa_ctx)
|
208
|
|
-{
|
209
|
|
- if (rsa_ctx == NULL)
|
210
|
|
- return;
|
211
|
|
-
|
212
|
|
- printf("----------------- RSA DEBUG ----------------\n");
|
213
|
|
- printf("Size:\t%d\n", rsa_ctx->num_octets);
|
214
|
|
- bi_print("Modulus", rsa_ctx->m);
|
215
|
|
- bi_print("Public Key", rsa_ctx->e);
|
216
|
|
- bi_print("Private Key", rsa_ctx->d);
|
217
|
|
-}
|
218
|
|
-#endif
|
219
|
|
-
|
220
|
|
-#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
|
221
|
|
-/**
|
222
|
|
- * Performs c = m^e mod n
|
223
|
|
- */
|
224
|
|
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
|
225
|
|
-{
|
226
|
|
- c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
|
227
|
|
- return bi_mod_power(c->bi_ctx, bi_msg, c->e);
|
228
|
|
-}
|
229
|
|
-
|
230
|
|
-/**
|
231
|
|
- * Use PKCS1.5 for encryption/signing.
|
232
|
|
- * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
|
233
|
|
- */
|
234
|
|
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
|
235
|
|
- uint8_t *out_data, int is_signing)
|
236
|
|
-{
|
237
|
|
- int byte_size = ctx->num_octets;
|
238
|
|
- int num_pads_needed = byte_size-in_len-3;
|
239
|
|
- bigint *dat_bi, *encrypt_bi;
|
240
|
|
-
|
241
|
|
- /* note: in_len+11 must be > byte_size */
|
242
|
|
- out_data[0] = 0; /* ensure encryption block is < modulus */
|
243
|
|
-
|
244
|
|
- if (is_signing)
|
245
|
|
- {
|
246
|
|
- out_data[1] = 1; /* PKCS1.5 signing pads with "0xff"'s */
|
247
|
|
- memset(&out_data[2], 0xff, num_pads_needed);
|
248
|
|
- }
|
249
|
|
- else /* randomize the encryption padding with non-zero bytes */
|
250
|
|
- {
|
251
|
|
- out_data[1] = 2;
|
252
|
|
- get_random_NZ(num_pads_needed, &out_data[2]);
|
253
|
|
- }
|
254
|
|
-
|
255
|
|
- out_data[2+num_pads_needed] = 0;
|
256
|
|
- memcpy(&out_data[3+num_pads_needed], in_data, in_len);
|
257
|
|
-
|
258
|
|
- /* now encrypt it */
|
259
|
|
- dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
|
260
|
|
- encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) :
|
261
|
|
- RSA_public(ctx, dat_bi);
|
262
|
|
- bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
|
263
|
|
-
|
264
|
|
- /* save a few bytes of memory */
|
265
|
|
- bi_clear_cache(ctx->bi_ctx);
|
266
|
|
- return byte_size;
|
267
|
|
-}
|
268
|
|
-
|
269
|
|
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
|