#ifdef PK_PACKET int rsa_encrypt(const unsigned char *in, unsigned long len, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, int cipher, rsa_key *key) { unsigned char sym_IV[MAXBLOCKSIZE], sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096]; symmetric_CTR ctr; unsigned long x, y, blklen, rsa_size; int keylen, errno;; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* are the parameters valid? */ if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { return errno; } if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { return errno; } /* setup the CTR key */ keylen = 32; /* default to 256-bit keys */ if ((errno = cipher_descriptor[cipher].keysize(&keylen)) != CRYPT_OK) { return errno; } blklen = cipher_descriptor[cipher].block_length; if (prng_descriptor[wprng].read(sym_key, keylen, prng) != (unsigned long)keylen) { return CRYPT_ERROR_READPRNG; } if (prng_descriptor[wprng].read(sym_IV, blklen, prng) != blklen) { return CRYPT_ERROR_READPRNG; } /* setup CTR mode */ if ((errno = ctr_start(cipher, sym_IV, sym_key, keylen, 0, &ctr)) != CRYPT_OK) { return errno; } /* rsa_pad the symmetric key */ y = sizeof(rsa_in); if ((errno = rsa_pad(sym_key, keylen, rsa_in, &y, wprng, prng)) != CRYPT_OK) { return errno; } /* rsa encrypt it */ rsa_size = sizeof(rsa_out); if ((errno = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) { return errno; } /* check size */ if (*outlen < (PACKET_SIZE+9+rsa_size+blklen+len)) { return CRYPT_BUFFER_OVERFLOW; } /* now lets make the header */ y = PACKET_SIZE; out[y++] = cipher_descriptor[cipher].ID; /* store the size of the RSA value */ STORE32L(rsa_size, (out+y)); y += 4; /* store the rsa value */ for (x = 0; x < rsa_size; x++, y++) { out[y] = rsa_out[x]; } /* store the IV used */ for (x = 0; x < blklen; x++, y++) { out[y] = sym_IV[x]; } /* store the length */ STORE32L(len, (out+y)); y += 4; /* encrypt the message */ if ((errno = ctr_encrypt(in, out+y, len, &ctr)) != CRYPT_OK) { return errno; } y += len; /* store the header */ packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_ENCRYPTED, y); #ifdef CLEAN_STACK /* clean up */ zeromem(sym_key, sizeof(sym_key)); zeromem(sym_IV, sizeof(sym_IV)); zeromem(&ctr, sizeof(ctr)); zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *outlen = y; return CRYPT_OK; } int rsa_decrypt(const unsigned char *in, unsigned long len, unsigned char *out, unsigned long *outlen, rsa_key *key) { unsigned char sym_IV[MAXBLOCKSIZE], sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096]; symmetric_CTR ctr; unsigned long x, y, z, keylen, blklen, rsa_size; int cipher, errno; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* right key type? */ if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { return CRYPT_PK_NOT_PRIVATE; } /* check the header */ if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENCRYPTED)) != CRYPT_OK) { return errno; } /* grab cipher name */ y = PACKET_SIZE; cipher = find_cipher_id(in[y++]); if (cipher == -1) { return CRYPT_INVALID_CIPHER; } keylen = MIN(cipher_descriptor[cipher].max_key_length, 32); blklen = cipher_descriptor[cipher].block_length; /* grab length of the rsa key */ LOAD32L(rsa_size, (in+y)) y += 4; /* read it in */ for (x = 0; x < rsa_size; x++, y++) { rsa_in[x] = in[y]; } /* decrypt it */ x = sizeof(rsa_out); if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) { return errno; } /* depad it */ z = sizeof(sym_key); if ((errno = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) { return errno; } /* read the IV in */ for (x = 0; x < blklen; x++, y++) { sym_IV[x] = in[y]; } /* setup CTR mode */ if ((errno = ctr_start(cipher, sym_IV, sym_key, keylen, 0, &ctr)) != CRYPT_OK) { return errno; } /* get len */ LOAD32L(len, (in+y)); y += 4; /* check size */ if (*outlen < len) { return CRYPT_BUFFER_OVERFLOW; } /* decrypt the message */ if ((errno = ctr_decrypt(in+y, out, len, &ctr)) != CRYPT_OK) { return errno; } #ifdef CLEAN_STACK /* clean up */ zeromem(sym_key, sizeof(sym_key)); zeromem(sym_IV, sizeof(sym_IV)); zeromem(&ctr, sizeof(ctr)); zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *outlen = len; return CRYPT_OK; } /* Signature Message Format offset | length | Contents ---------------------------------------------------------------------- 0 | 1 | hash ID 1 | 4 | length of rsa_pad'ed signature 5 | p | the rsa_pad'ed signature */ int rsa_sign(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, int hash, rsa_key *key) { unsigned long hashlen, rsa_size, x, y, z; unsigned char rsa_in[4096], rsa_out[4096]; int errno; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* type of key? */ if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { return CRYPT_PK_NOT_PRIVATE; } /* are the parameters valid? */ if ((errno = hash_is_valid(hash)) != CRYPT_OK) { return errno; } /* hash it */ hashlen = hash_descriptor[hash].hashsize; z = sizeof(rsa_in); if ((errno = hash_memory(hash, in, inlen, rsa_in, &z)) != CRYPT_OK) { return errno; } /* pad it */ x = sizeof(rsa_in); if ((errno = rsa_signpad(rsa_in, hashlen, rsa_out, &x)) != CRYPT_OK) { return errno; } /* sign it */ rsa_size = sizeof(rsa_in); if ((errno = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) { return errno; } /* check size */ if (*outlen < (PACKET_SIZE+4+rsa_size)) { return CRYPT_BUFFER_OVERFLOW; } /* now lets output the message */ y = PACKET_SIZE; out[y++] = hash_descriptor[hash].ID; /* output the len */ STORE32L(rsa_size, (out+y)); y += 4; /* store the signature */ for (x = 0; x < rsa_size; x++, y++) { out[y] = rsa_in[x]; } /* store header */ packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED, y); #ifdef CLEAN_STACK /* clean up */ zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *outlen = y; return CRYPT_OK; } int rsa_verify(const unsigned char *sig, const unsigned char *msg, unsigned long inlen, int *stat, rsa_key *key) { unsigned long hashlen, rsa_size, x, y, z, w; int hash, errno; unsigned char rsa_in[4096], rsa_out[4096]; _ARGCHK(sig != NULL); _ARGCHK(msg != NULL); _ARGCHK(stat != NULL); _ARGCHK(key != NULL); /* always be incorrect by default */ *stat = 0; /* verify header */ if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { return errno; } /* grab hash name */ y = PACKET_SIZE; hash = find_hash_id(sig[y++]); if (hash == -1) { return CRYPT_INVALID_HASH; } hashlen = hash_descriptor[hash].hashsize; /* get the len */ LOAD32L(rsa_size, (sig+y)); y += 4; /* load the signature */ for (x = 0; x < rsa_size; x++, y++) { rsa_in[x] = sig[y]; } /* exptmod it */ x = sizeof(rsa_in); if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) { return errno; } /* depad it */ z = sizeof(rsa_in); if ((errno = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) { return errno; } /* check? */ w = sizeof(rsa_out); if ((errno = hash_memory(hash, msg, inlen, rsa_out, &w)) != CRYPT_OK) { return errno; } if ((z == hashlen) && (!memcmp(rsa_in, rsa_out, hashlen))) { *stat = 1; } #ifdef CLEAN_STACK zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif return CRYPT_OK; } #endif /* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt * except that they are used to RSA encrypt/decrypt a single value and not a packet. */ int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen, unsigned char *outkey, unsigned long *outlen, prng_state *prng, int wprng, rsa_key *key) { unsigned char rsa_in[4096], rsa_out[4096]; unsigned long x, y, rsa_size; int errno; _ARGCHK(inkey != NULL); _ARGCHK(outkey != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* are the parameters valid? */ if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { return errno; } /* rsa_pad the symmetric key */ y = sizeof(rsa_in); if ((errno = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) { return CRYPT_ERROR; } /* rsa encrypt it */ rsa_size = sizeof(rsa_out); if ((errno = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) { return CRYPT_ERROR; } /* check size */ if (*outlen < (PACKET_SIZE+4+rsa_size)) { return CRYPT_BUFFER_OVERFLOW; } /* now lets make the header */ y = PACKET_SIZE; /* store the size of the RSA value */ STORE32L(rsa_size, (outkey+y)); y += 4; /* store the rsa value */ for (x = 0; x < rsa_size; x++, y++) { outkey[y] = rsa_out[x]; } /* store header */ packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY, y); #ifdef CLEAN_STACK /* clean up */ zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *outlen = y; return CRYPT_OK; } int rsa_decrypt_key(const unsigned char *in, unsigned char *outkey, unsigned long *keylen, rsa_key *key) { unsigned char sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096]; unsigned long x, y, z, i, rsa_size; int errno; _ARGCHK(in != NULL); _ARGCHK(outkey != NULL); _ARGCHK(keylen != NULL); _ARGCHK(key != NULL); /* right key type? */ if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { return CRYPT_PK_NOT_PRIVATE; } /* check the header */ if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { return errno; } /* grab length of the rsa key */ y = PACKET_SIZE; LOAD32L(rsa_size, (in+y)) y += 4; /* read it in */ for (x = 0; x < rsa_size; x++, y++) { rsa_in[x] = in[y]; } /* decrypt it */ x = sizeof(rsa_out); if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) return errno; /* depad it */ z = sizeof(sym_key); if ((errno = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) { return errno; } /* check size */ if (*keylen < z) { return CRYPT_BUFFER_OVERFLOW; } for (i = 0; i < z; i++) { outkey[i] = sym_key[i]; } #ifdef CLEAN_STACK /* clean up */ zeromem(sym_key, sizeof(sym_key)); zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *keylen = z; return CRYPT_OK; } int rsa_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, rsa_key *key) { unsigned long rsa_size, x, y; unsigned char rsa_in[4096], rsa_out[4096]; int errno; _ARGCHK(in != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); /* type of key? */ if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { return CRYPT_PK_NOT_PRIVATE; } /* pad it */ x = sizeof(rsa_out); if ((errno = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) { return errno; } /* sign it */ rsa_size = sizeof(rsa_in); if ((errno = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) { return errno; } /* check size */ if (*outlen < (PACKET_SIZE+4+rsa_size)) { return CRYPT_BUFFER_OVERFLOW; } /* now lets output the message */ y = PACKET_SIZE; /* output the len */ STORE32L(rsa_size, (out+y)); y += 4; /* store the signature */ for (x = 0; x < rsa_size; x++, y++) { out[y] = rsa_in[x]; } /* store header */ packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED, y); #ifdef CLEAN_STACK /* clean up */ zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif *outlen = y; return CRYPT_OK; } int rsa_verify_hash(const unsigned char *sig, const unsigned char *md, int *stat, rsa_key *key) { unsigned long rsa_size, x, y, z; unsigned char rsa_in[4096], rsa_out[4096]; int errno; _ARGCHK(sig != NULL); _ARGCHK(md != NULL); _ARGCHK(stat != NULL); _ARGCHK(key != NULL); /* always be incorrect by default */ *stat = 0; /* verify header */ if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { return errno; } /* get the len */ y = PACKET_SIZE; LOAD32L(rsa_size, (sig+y)); y += 4; /* load the signature */ for (x = 0; x < rsa_size; x++, y++) { rsa_in[x] = sig[y]; } /* exptmod it */ x = sizeof(rsa_in); if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) { return errno; } /* depad it */ z = sizeof(rsa_in); if ((errno = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) { return errno; } /* check? */ if (!memcmp(rsa_in, md, z)) { *stat = 1; } #ifdef CLEAN_STACK zeromem(rsa_in, sizeof(rsa_in)); zeromem(rsa_out, sizeof(rsa_out)); #endif return CRYPT_OK; }