1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
13
* except that they are used to RSA encrypt/decrypt a single value and not a packet.
15
int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
16
unsigned char *outkey, unsigned long *outlen,
17
prng_state *prng, int wprng, rsa_key *key)
19
unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
20
unsigned long x, y, rsa_size;
23
_ARGCHK(inkey != NULL);
24
_ARGCHK(outkey != NULL);
25
_ARGCHK(outlen != NULL);
28
/* only allow keys from 64 to 256 bits */
29
if (inlen < 8 || inlen > 32) {
30
return CRYPT_INVALID_ARG;
33
/* are the parameters valid? */
34
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
38
/* rsa_pad the symmetric key */
39
y = (unsigned long)sizeof(rsa_in);
40
if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
45
rsa_size = (unsigned long)sizeof(rsa_out);
46
if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
51
if (*outlen < (PACKET_SIZE+4+rsa_size)) {
52
return CRYPT_BUFFER_OVERFLOW;
56
packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY);
58
/* now lets make the header */
61
/* store the size of the RSA value */
62
STORE32L(rsa_size, (outkey+y));
65
/* store the rsa value */
66
for (x = 0; x < rsa_size; x++, y++) {
67
outkey[y] = rsa_out[x];
73
zeromem(rsa_in, sizeof(rsa_in));
74
zeromem(rsa_out, sizeof(rsa_out));
80
int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
81
unsigned char *outkey, unsigned long *keylen,
84
unsigned char sym_key[MAXBLOCKSIZE], rsa_out[RSA_STACK];
85
unsigned long x, y, z, i, rsa_size;
89
_ARGCHK(outkey != NULL);
90
_ARGCHK(keylen != NULL);
94
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
95
return CRYPT_PK_NOT_PRIVATE;
98
if (inlen < PACKET_SIZE+4) {
99
return CRYPT_INVALID_PACKET;
101
inlen -= PACKET_SIZE+4;
104
/* check the header */
105
if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
109
/* grab length of the rsa key */
111
LOAD32L(rsa_size, (in+y));
112
if (inlen < rsa_size) {
113
return CRYPT_INVALID_PACKET;
120
x = (unsigned long)sizeof(rsa_out);
121
if ((err = rsa_exptmod(in+y, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) {
127
z = (unsigned long)sizeof(sym_key);
128
if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
134
return CRYPT_BUFFER_OVERFLOW;
137
for (i = 0; i < z; i++) {
138
outkey[i] = sym_key[i];
143
zeromem(sym_key, sizeof(sym_key));
144
zeromem(rsa_out, sizeof(rsa_out));
150
int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
151
unsigned char *out, unsigned long *outlen,
154
unsigned long rsa_size, x, y;
155
unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
159
_ARGCHK(out != NULL);
160
_ARGCHK(outlen != NULL);
161
_ARGCHK(key != NULL);
163
/* reject nonsense sizes */
164
if (inlen > (512/3) || inlen < 16) {
165
return CRYPT_INVALID_ARG;
169
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
170
return CRYPT_PK_NOT_PRIVATE;
174
x = (unsigned long)sizeof(rsa_out);
175
if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) {
180
rsa_size = (unsigned long)sizeof(rsa_in);
181
if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
186
if (*outlen < (PACKET_SIZE+4+rsa_size)) {
187
return CRYPT_BUFFER_OVERFLOW;
190
/* now lets output the message */
194
STORE32L(rsa_size, (out+y));
197
/* store the signature */
198
for (x = 0; x < rsa_size; x++, y++) {
203
packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED);
207
zeromem(rsa_in, sizeof(rsa_in));
208
zeromem(rsa_out, sizeof(rsa_out));
214
int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
215
const unsigned char *md, int *stat, rsa_key *key)
217
unsigned long rsa_size, x, y, z;
218
unsigned char rsa_in[RSA_STACK], rsa_out[RSA_STACK];
221
_ARGCHK(sig != NULL);
223
_ARGCHK(stat != NULL);
224
_ARGCHK(key != NULL);
226
/* always be incorrect by default */
229
if (siglen < PACKET_SIZE+4) {
230
return CRYPT_INVALID_PACKET;
232
siglen -= PACKET_SIZE+4;
236
if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
242
LOAD32L(rsa_size, (sig+y));
243
if (siglen < rsa_size) {
244
return CRYPT_INVALID_PACKET;
251
x = (unsigned long)sizeof(rsa_out);
252
if ((err = rsa_exptmod(sig+y, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
258
z = (unsigned long)sizeof(rsa_in);
259
if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
264
if (memcmp(rsa_in, md, (size_t)z) == 0) {
269
zeromem(rsa_in, sizeof(rsa_in));
270
zeromem(rsa_out, sizeof(rsa_out));