xref: /titanic_50/usr/src/cmd/ssh/libssh/common/rsa.c (revision 7eea693d6b672899726e75993fddc4e95b52647f)
1 /*
2  * Author: Tatu Ylonen <ylo@cs.hut.fi>
3  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4  *                    All rights reserved
5  *
6  * As far as I am concerned, the code I have written for this software
7  * can be used freely for any purpose.  Any derived versions of this
8  * software must be clearly marked as such, and if the derived work is
9  * incompatible with the protocol description in the RFC file, it must be
10  * called by a name other than "ssh" or "Secure Shell".
11  *
12  *
13  * Copyright (c) 1999 Niels Provos.  All rights reserved.
14  *
15  * Redistribution and use in source and binary forms, with or without
16  * modification, are permitted provided that the following conditions
17  * are met:
18  * 1. Redistributions of source code must retain the above copyright
19  *    notice, this list of conditions and the following disclaimer.
20  * 2. Redistributions in binary form must reproduce the above copyright
21  *    notice, this list of conditions and the following disclaimer in the
22  *    documentation and/or other materials provided with the distribution.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  *
35  *
36  * Description of the RSA algorithm can be found e.g. from the following
37  * sources:
38  *
39  *   Bruce Schneier: Applied Cryptography.  John Wiley & Sons, 1994.
40  *
41  *   Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
42  *   Computer Security.  Prentice-Hall, 1989.
43  *
44  *   Man Young Rhee: Cryptography and Secure Data Communications.  McGraw-Hill,
45  *   1994.
46  *
47  *   R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
48  *   System and Method.  US Patent 4,405,829, 1983.
49  *
50  *   Hans Riesel: Prime Numbers and Computer Methods for Factorization.
51  *   Birkhauser, 1994.
52  *
53  *   The RSA Frequently Asked Questions document by RSA Data Security,
54  *   Inc., 1995.
55  *
56  *   RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as
57  * included below:
58  *
59  *     [gone - had to be deleted - what a pity]
60  */
61 
62 #include "includes.h"
63 RCSID("$OpenBSD: rsa.c,v 1.24 2001/12/27 18:22:16 markus Exp $");
64 
65 #pragma ident	"%Z%%M%	%I%	%E% SMI"
66 
67 #include "rsa.h"
68 #include "log.h"
69 #include "xmalloc.h"
70 
71 void
72 rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
73 {
74 	u_char *inbuf, *outbuf;
75 	int len, ilen, olen;
76 
77 	if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
78 		fatal("rsa_public_encrypt() exponent too small or not odd");
79 
80 	olen = BN_num_bytes(key->n);
81 	outbuf = xmalloc(olen);
82 
83 	ilen = BN_num_bytes(in);
84 	inbuf = xmalloc(ilen);
85 	BN_bn2bin(in, inbuf);
86 
87 	if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
88 	    RSA_PKCS1_PADDING)) <= 0)
89 		fatal("rsa_public_encrypt() failed");
90 
91 	BN_bin2bn(outbuf, len, out);
92 
93 	memset(outbuf, 0, olen);
94 	memset(inbuf, 0, ilen);
95 	xfree(outbuf);
96 	xfree(inbuf);
97 }
98 
99 int
100 rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
101 {
102 	u_char *inbuf, *outbuf;
103 	int len, ilen, olen;
104 
105 	olen = BN_num_bytes(key->n);
106 	outbuf = xmalloc(olen);
107 
108 	ilen = BN_num_bytes(in);
109 	inbuf = xmalloc(ilen);
110 	BN_bn2bin(in, inbuf);
111 
112 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
113 	    RSA_PKCS1_PADDING)) <= 0) {
114 		error("rsa_private_decrypt() failed");
115 	} else {
116 		BN_bin2bn(outbuf, len, out);
117 	}
118 	memset(outbuf, 0, olen);
119 	memset(inbuf, 0, ilen);
120 	xfree(outbuf);
121 	xfree(inbuf);
122 	return len;
123 }
124 
125 /* calculate p-1 and q-1 */
126 void
127 rsa_generate_additional_parameters(RSA *rsa)
128 {
129 	BIGNUM *aux;
130 	BN_CTX *ctx;
131 
132 	if ((aux = BN_new()) == NULL)
133 		fatal("rsa_generate_additional_parameters: BN_new failed");
134 	if ((ctx = BN_CTX_new()) == NULL)
135 		fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
136 
137 	BN_sub(aux, rsa->q, BN_value_one());
138 	BN_mod(rsa->dmq1, rsa->d, aux, ctx);
139 
140 	BN_sub(aux, rsa->p, BN_value_one());
141 	BN_mod(rsa->dmp1, rsa->d, aux, ctx);
142 
143 	BN_clear_free(aux);
144 	BN_CTX_free(ctx);
145 }
146 
147