1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* RSA Code by Tom St Denis */
17
int rsa_signpad(const unsigned char *in, unsigned long inlen,
18
unsigned char *out, unsigned long *outlen)
24
_ARGCHK(outlen != NULL);
26
if (*outlen < (3 * inlen)) {
27
return CRYPT_BUFFER_OVERFLOW;
31
if (inlen > MAX_RSA_SIZE/8) {
32
return CRYPT_PK_INVALID_SIZE;
35
for (y = x = 0; x < inlen; x++)
36
out[y++] = (unsigned char)0xFF;
37
for (x = 0; x < inlen; x++)
39
for (x = 0; x < inlen; x++)
40
out[y++] = (unsigned char)0xFF;
45
int rsa_pad(const unsigned char *in, unsigned long inlen,
46
unsigned char *out, unsigned long *outlen,
47
int wprng, prng_state *prng)
49
unsigned char buf[3*(MAX_RSA_SIZE/8)];
55
_ARGCHK(outlen != NULL);
57
/* is output big enough? */
58
if (*outlen < (3 * inlen)) {
59
return CRYPT_BUFFER_OVERFLOW;
62
/* get random padding required */
63
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
68
if (inlen > (MAX_RSA_SIZE/8)) {
69
return CRYPT_PK_INVALID_SIZE;
72
if (prng_descriptor[wprng].read(buf, inlen*2-2, prng) != (inlen*2 - 2)) {
73
return CRYPT_ERROR_READPRNG;
76
/* pad it like a sandwhich
78
* Looks like 0xFF R1 M R2 0xFF
80
* Where R1/R2 are random and exactly equal to the length of M minus one byte.
82
for (x = 0; x < inlen-1; x++) {
86
for (x = 0; x < inlen; x++) {
90
for (x = 0; x < inlen-1; x++) {
91
out[x+inlen+inlen] = buf[x+inlen-1];
94
/* last and first bytes are 0xFF */
95
out[0] = out[inlen+inlen+inlen-1] = (unsigned char)0xFF;
97
/* clear up and return */
99
zeromem(buf, sizeof(buf));
105
int rsa_signdepad(const unsigned char *in, unsigned long inlen,
106
unsigned char *out, unsigned long *outlen)
111
_ARGCHK(out != NULL);
112
_ARGCHK(outlen != NULL);
114
if (*outlen < inlen/3) {
115
return CRYPT_BUFFER_OVERFLOW;
118
/* check padding bytes */
119
for (x = 0; x < inlen/3; x++) {
120
if (in[x] != (unsigned char)0xFF || in[x+(inlen/3)+(inlen/3)] != (unsigned char)0xFF) {
121
return CRYPT_INVALID_PACKET;
124
for (x = 0; x < inlen/3; x++) {
125
out[x] = in[x+(inlen/3)];
131
int rsa_depad(const unsigned char *in, unsigned long inlen,
132
unsigned char *out, unsigned long *outlen)
137
_ARGCHK(out != NULL);
138
_ARGCHK(outlen != NULL);
140
if (*outlen < inlen/3) {
141
return CRYPT_BUFFER_OVERFLOW;
143
for (x = 0; x < inlen/3; x++) {
144
out[x] = in[x+(inlen/3)];
150
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
155
_ARGCHK(out != NULL);
156
_ARGCHK(outlen != NULL);
157
_ARGCHK(key != NULL);
159
/* can we store the static header? */
160
if (*outlen < (PACKET_SIZE + 1)) {
161
return CRYPT_BUFFER_OVERFLOW;
165
if (!(key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) &&
166
(type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED)) {
167
return CRYPT_PK_INVALID_TYPE;
170
/* start at offset y=PACKET_SIZE */
173
/* output key type */
177
OUTPUT_BIGNUM(&key->N, out, y, z);
179
/* output public key */
180
OUTPUT_BIGNUM(&key->e, out, y, z);
182
if (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED) {
183
OUTPUT_BIGNUM(&key->d, out, y, z);
186
if (type == PK_PRIVATE_OPTIMIZED) {
187
OUTPUT_BIGNUM(&key->dQ, out, y, z);
188
OUTPUT_BIGNUM(&key->dP, out, y, z);
189
OUTPUT_BIGNUM(&key->pQ, out, y, z);
190
OUTPUT_BIGNUM(&key->qP, out, y, z);
191
OUTPUT_BIGNUM(&key->p, out, y, z);
192
OUTPUT_BIGNUM(&key->q, out, y, z);
195
/* store packet header */
196
packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_KEY);
198
/* copy to the user buffer */
201
/* clear stack and return */
205
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
211
_ARGCHK(key != NULL);
214
if (inlen < (1+PACKET_SIZE)) {
215
return CRYPT_INVALID_PACKET;
218
/* test packet header */
219
if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_KEY)) != CRYPT_OK) {
224
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP,
225
&key->pQ, &key->p, &key->q, NULL)) != MP_OKAY) {
226
return mpi_to_ltc_error(err);
231
key->type = (int)in[y++];
233
/* load the modulus */
234
INPUT_BIGNUM(&key->N, in, x, y, inlen);
236
/* load public exponent */
237
INPUT_BIGNUM(&key->e, in, x, y, inlen);
239
/* get private exponent */
240
if (key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) {
241
INPUT_BIGNUM(&key->d, in, x, y, inlen);
244
/* get CRT private data if required */
245
if (key->type == PK_PRIVATE_OPTIMIZED) {
246
INPUT_BIGNUM(&key->dQ, in, x, y, inlen);
247
INPUT_BIGNUM(&key->dP, in, x, y, inlen);
248
INPUT_BIGNUM(&key->pQ, in, x, y, inlen);
249
INPUT_BIGNUM(&key->qP, in, x, y, inlen);
250
INPUT_BIGNUM(&key->p, in, x, y, inlen);
251
INPUT_BIGNUM(&key->q, in, x, y, inlen);
254
/* free up ram not required */
255
if (key->type != PK_PRIVATE_OPTIMIZED) {
256
mp_clear_multi(&key->dQ, &key->dP, &key->pQ, &key->qP, &key->p, &key->q, NULL);
258
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
264
mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
265
&key->pQ, &key->qP, &key->p, &key->q, NULL);