diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2007-02-06 16:00:18 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2007-02-06 16:00:18 +0000 |
| commit | cda7af7ca2fe9fb8d848e7891a528e63531a4e8d (patch) | |
| tree | 936cdb192e15a456a67d52ab439841b4610404c2 /libtomcrypt/src/pk | |
| parent | d199e0b1196f39509a92e31d6843193d828bcfab (diff) | |
| parent | b1217873364b9c6aa974462b466a795f224249f3 (diff) | |
merge of '73fe066c5d9e2395354ba74756124d45c978a04d'
and 'f5014cc84558f1e8eba42dbecf9f72f94bfe6134'
--HG--
branch : channel-fix
extra : convert_revision : cc6095ce978e5f9e51ece6f1717499bc73594bcc
Diffstat (limited to 'libtomcrypt/src/pk')
103 files changed, 6040 insertions, 3241 deletions
diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c index da5b989..1d3569c 100644 --- a/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c +++ b/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -51,7 +51,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen, /* get the length of the data */ if (in[x] & 0x80) { /* long format get number of length bytes */ - y = in[x++] & 127; + y = in[x++] & 0x7F; /* invalid if 0 or > 2 */ if (y == 0 || y > 2) { @@ -65,7 +65,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen, } } else { /* short format */ - dlen = in[x++] & 127; + dlen = in[x++] & 0x7F; } /* is the data len too long or too short? */ @@ -78,6 +78,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen, /* too many bits? */ if (blen > *outlen) { + *outlen = blen; return CRYPT_BUFFER_OVERFLOW; } @@ -97,5 +98,5 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c index 569c15b..757963c 100644 --- a/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c +++ b/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -29,7 +29,8 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - unsigned long len, x, y, buf; + unsigned long len, x, y; + unsigned char buf; int err; LTC_ARGCHK(in != NULL); @@ -42,6 +43,7 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen, } if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -51,18 +53,18 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen, out[x++] = 0x03; if (y < 128) { - out[x++] = y; + out[x++] = (unsigned char)y; } else if (y < 256) { out[x++] = 0x81; - out[x++] = y; + out[x++] = (unsigned char)y; } else if (y < 65536) { out[x++] = 0x82; - out[x++] = (y>>8)&255; - out[x++] = y&255; + out[x++] = (unsigned char)((y>>8)&255); + out[x++] = (unsigned char)(y&255); } /* store number of zero padding bits */ - out[x++] = (8 - inlen) & 7; + out[x++] = (unsigned char)((8 - inlen) & 7); /* store the bits in big endian format */ for (y = buf = 0; y < inlen; y++) { @@ -83,5 +85,5 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c index dd6ea6d..3dc2abf 100644 --- a/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c +++ b/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -50,5 +50,5 @@ int der_length_bit_string(unsigned long nbits, unsigned long *outlen) /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c new file mode 100644 index 0000000..7259e51 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c @@ -0,0 +1,47 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_decode_boolean.c + ASN.1 DER, decode a BOOLEAN, Tom St Denis +*/ + + +#ifdef LTC_DER + +/** + Read a BOOLEAN + @param in The destination for the DER encoded BOOLEAN + @param inlen The size of the DER BOOLEAN + @param out [out] The boolean to decode + @return CRYPT_OK if successful +*/ +int der_decode_boolean(const unsigned char *in, unsigned long inlen, + int *out) +{ + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + + if (inlen != 3 || in[0] != 0x01 || in[1] != 0x01 || (in[2] != 0x00 && in[2] != 0xFF)) { + return CRYPT_INVALID_ARG; + } + + *out = (in[2]==0xFF) ? 1 : 0; + + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c,v $ */ +/* $Revision: 1.1 $ */ +/* $Date: 2006/04/22 17:01:59 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c new file mode 100644 index 0000000..9344a79 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c @@ -0,0 +1,51 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_encode_boolean.c + ASN.1 DER, encode a BOOLEAN, Tom St Denis +*/ + + +#ifdef LTC_DER + +/** + Store a BOOLEAN + @param in The boolean to encode + @param out [out] The destination for the DER encoded BOOLEAN + @param outlen [in/out] The max size and resulting size of the DER BOOLEAN + @return CRYPT_OK if successful +*/ +int der_encode_boolean(int in, + unsigned char *out, unsigned long *outlen) +{ + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(out != NULL); + + if (*outlen < 3) { + *outlen = 3; + return CRYPT_BUFFER_OVERFLOW; + } + + *outlen = 3; + out[0] = 0x01; + out[1] = 0x01; + out[2] = in ? 0xFF : 0x00; + + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c,v $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c new file mode 100644 index 0000000..cd5bf2d --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c @@ -0,0 +1,35 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_length_boolean.c + ASN.1 DER, get length of a BOOLEAN, Tom St Denis +*/ + +#ifdef LTC_DER +/** + Gets length of DER encoding of a BOOLEAN + @param outlen [out] The length of the DER encoding + @return CRYPT_OK if successful +*/ +int der_length_boolean(unsigned long *outlen) +{ + LTC_ARGCHK(outlen != NULL); + *outlen = 3; + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c,v $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/04/22 17:28:38 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c b/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c index 61cba11..4ff6f17 100644 --- a/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c +++ b/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -96,6 +96,7 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen, case LTC_ASN1_NULL: if (*inlen == 2 && in[x] == 0x05 && in[x+1] == 0x00) { *inlen = 2; + list[x].used = 1; return CRYPT_OK; } break; @@ -134,6 +135,17 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen, } break; + case LTC_ASN1_UTF8_STRING: + if (der_decode_utf8_string(in, *inlen, data, &size) == CRYPT_OK) { + if (der_length_utf8_string(data, size, &z) == CRYPT_OK) { + list[x].used = 1; + list[x].size = size; + *inlen = z; + return CRYPT_OK; + } + } + break; + case LTC_ASN1_UTCTIME: z = *inlen; if (der_decode_utctime(in, &z, data) == CRYPT_OK) { @@ -143,6 +155,8 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen, } break; + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: if (der_decode_sequence(in, *inlen, data, size) == CRYPT_OK) { if (der_length_sequence(data, size, &z) == CRYPT_OK) { @@ -164,5 +178,5 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/06/19 11:25:01 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/12/06 02:23:49 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c index ac0a4af..2514b77 100644 --- a/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c +++ b/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -67,6 +67,7 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, /* is it too long? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -91,5 +92,5 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c index a79b46e..aff3392 100644 --- a/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c +++ b/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -42,6 +42,7 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, /* too big? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -49,19 +50,19 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, x = 0; out[x++] = 0x16; if (inlen < 128) { - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 256) { out[x++] = 0x81; - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 65536UL) { out[x++] = 0x82; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else if (inlen < 16777216UL) { out[x++] = 0x83; - out[x++] = (inlen>>16)&255; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>16)&255); + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else { return CRYPT_INVALID_ARG; } @@ -80,5 +81,5 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c index d07d630..6278dd2 100644 --- a/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c +++ b/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -190,5 +190,5 @@ int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, un /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c index e68b2c9..aef87a3 100644 --- a/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c +++ b/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -25,7 +25,7 @@ @param num The first mp_int to decode @return CRYPT_OK if successful */ -int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num) +int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num) { unsigned long x, y, z; int err; @@ -56,7 +56,7 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num } /* no so read it */ - if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, z))) != CRYPT_OK) { + if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, z)) != CRYPT_OK) { return err; } } else { @@ -80,23 +80,23 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num } /* no so read it */ - if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, y))) != CRYPT_OK) { + if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, y)) != CRYPT_OK) { return err; } } /* see if it's negative */ if (in[x] & 0x80) { - mp_int tmp; - if (mp_init(&tmp) != MP_OKAY) { + void *tmp; + if (mp_init(&tmp) != CRYPT_OK) { return CRYPT_MEM; } - if (mp_2expt(&tmp, mp_count_bits(num)) != MP_OKAY || mp_sub(num, &tmp, num) != MP_OKAY) { - mp_clear(&tmp); + if (mp_2expt(tmp, mp_count_bits(num)) != CRYPT_OK || mp_sub(num, tmp, num) != CRYPT_OK) { + mp_clear(tmp); return CRYPT_MEM; } - mp_clear(&tmp); + mp_clear(tmp); } return CRYPT_OK; @@ -106,5 +106,5 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c,v $ */ -/* $Revision: 1.2 $ */ -/* $Date: 2005/06/01 00:06:05 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c index f0f41be..ff4fce6 100644 --- a/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c +++ b/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -26,7 +26,7 @@ @param outlen [in/out] The max size and resulting size of the DER encoded integers @return CRYPT_OK if successful */ -int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) +int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen) { unsigned long tmplen, y; int err, leading_zero; @@ -41,12 +41,13 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) } if (*outlen < tmplen) { + *outlen = tmplen; return CRYPT_BUFFER_OVERFLOW; } - if (mp_cmp_d(num, 0) != MP_LT) { + if (mp_cmp_d(num, 0) != LTC_MP_LT) { /* we only need a leading zero if the msb of the first byte is one */ - if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) { + if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) { leading_zero = 1; } else { leading_zero = 0; @@ -59,7 +60,7 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) y = mp_count_bits(num); y = y + (8 - (y & 7)); y = y >> 3; - + if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --y; } /* now store initial data */ @@ -69,16 +70,16 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) *out++ = (unsigned char)y; } else if (y < 256) { *out++ = 0x81; - *out++ = y; + *out++ = (unsigned char)y; } else if (y < 65536UL) { *out++ = 0x82; - *out++ = (y>>8)&255; - *out++ = y; + *out++ = (unsigned char)((y>>8)&255); + *out++ = (unsigned char)y; } else if (y < 16777216UL) { *out++ = 0x83; - *out++ = (y>>16)&255; - *out++ = (y>>8)&255; - *out++ = y; + *out++ = (unsigned char)((y>>16)&255); + *out++ = (unsigned char)((y>>8)&255); + *out++ = (unsigned char)y; } else { return CRYPT_INVALID_ARG; } @@ -89,31 +90,32 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) } /* if it's not zero store it as big endian */ - if (mp_cmp_d(num, 0) == MP_GT) { + if (mp_cmp_d(num, 0) == LTC_MP_GT) { /* now store the mpint */ - if ((err = mp_to_unsigned_bin(num, out)) != MP_OKAY) { - return mpi_to_ltc_error(err); + if ((err = mp_to_unsigned_bin(num, out)) != CRYPT_OK) { + return err; } - } else if (mp_iszero(num) != MP_YES) { - mp_int tmp; + } else if (mp_iszero(num) != LTC_MP_YES) { + void *tmp; + /* negative */ - if (mp_init(&tmp) != MP_OKAY) { + if (mp_init(&tmp) != CRYPT_OK) { return CRYPT_MEM; } /* 2^roundup and subtract */ y = mp_count_bits(num); y = y + (8 - (y & 7)); - if (mp_2expt(&tmp, y) != MP_OKAY || mp_add(&tmp, num, &tmp) != MP_OKAY) { - mp_clear(&tmp); + if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) y -= 8; + if (mp_2expt(tmp, y) != CRYPT_OK || mp_add(tmp, num, tmp) != CRYPT_OK) { + mp_clear(tmp); return CRYPT_MEM; } - - if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) { - mp_clear(&tmp); - return mpi_to_ltc_error(err); + if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) { + mp_clear(tmp); + return err; } - mp_clear(&tmp); + mp_clear(tmp); } /* we good */ @@ -124,5 +126,5 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c index 1bfee45..bcc331d 100644 --- a/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c +++ b/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -19,11 +19,11 @@ #ifdef LTC_DER /** Gets length of DER encoding of num - @param num The mp_int to get the size of + @param num The int to get the size of @param outlen [out] The length of the DER encoding for the given integer @return CRYPT_OK if successful */ -int der_length_integer(mp_int *num, unsigned long *outlen) +int der_length_integer(void *num, unsigned long *outlen) { unsigned long z, len; int leading_zero; @@ -31,11 +31,11 @@ int der_length_integer(mp_int *num, unsigned long *outlen) LTC_ARGCHK(num != NULL); LTC_ARGCHK(outlen != NULL); - if (mp_cmp_d(num, 0) != MP_LT) { + if (mp_cmp_d(num, 0) != LTC_MP_LT) { /* positive */ /* we only need a leading zero if the msb of the first byte is one */ - if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) { + if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) { leading_zero = 1; } else { leading_zero = 0; @@ -49,6 +49,7 @@ int der_length_integer(mp_int *num, unsigned long *outlen) leading_zero = 0; z = mp_count_bits(num); z = z + (8 - (z & 7)); + if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --z; len = z = z >> 3; } @@ -77,5 +78,5 @@ int der_length_integer(mp_int *num, unsigned long *outlen) #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/04/22 01:22:55 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c index c69c9a3..1fa87d8 100644 --- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c +++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -67,14 +67,8 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle return CRYPT_INVALID_PACKET; } - /* decode word1 and word2 */ - --len; - t = in[x++]; - words[0] = t/40; - words[1] = t%40; - - /* decode rest */ - y = 2; + /* decode words */ + y = 0; t = 0; while (len--) { t = (t << 7) | (in[x] & 0x7F); @@ -83,7 +77,13 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle if (y >= *outlen) { return CRYPT_BUFFER_OVERFLOW; } - words[y++] = t; + if (y == 0) { + words[0] = t / 40; + words[1] = t % 40; + y = 2; + } else { + words[y++] = t; + } t = 0; } } @@ -95,5 +95,5 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/11/21 00:18:23 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c index 16eb112..b343aaa 100644 --- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c +++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -27,7 +27,7 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords, unsigned char *out, unsigned long *outlen) { - unsigned long i, x, y, z, t, mask; + unsigned long i, x, y, z, t, mask, wordbuf; int err; LTC_ARGCHK(words != NULL); @@ -39,50 +39,54 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords, return err; } if (x > *outlen) { + *outlen = x; return CRYPT_BUFFER_OVERFLOW; } /* compute length to store OID data */ - z = 1; - for (y = 2; y < nwords; y++) { - t = der_object_identifier_bits(words[y]); - z += t/7 + ((t%7) ? 1 : 0); + z = 0; + wordbuf = words[0] * 40 + words[1]; + for (y = 1; y < nwords; y++) { + t = der_object_identifier_bits(wordbuf); + z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0); + if (y < nwords - 1) { + wordbuf = words[y + 1]; + } } /* store header + length */ x = 0; out[x++] = 0x06; if (z < 128) { - out[x++] = z; + out[x++] = (unsigned char)z; } else if (z < 256) { out[x++] = 0x81; - out[x++] = z; + out[x++] = (unsigned char)z; } else if (z < 65536UL) { out[x++] = 0x82; - out[x++] = (z>>8)&255; - out[x++] = z&255; + out[x++] = (unsigned char)((z>>8)&255); + out[x++] = (unsigned char)(z&255); } else { return CRYPT_INVALID_ARG; } /* store first byte */ - out[x++] = words[0] * 40 + words[1]; - - for (i = 2; i < nwords; i++) { + wordbuf = words[0] * 40 + words[1]; + for (i = 1; i < nwords; i++) { /* store 7 bit words in little endian */ - t = words[i] & 0xFFFFFFFF; + t = wordbuf & 0xFFFFFFFF; if (t) { y = x; mask = 0; while (t) { - out[x++] = (t & 0x7F) | mask; + out[x++] = (unsigned char)((t & 0x7F) | mask); t >>= 7; mask |= 0x80; /* upper bit is set on all but the last byte */ } /* now swap bytes y...x-1 */ z = x - 1; while (y < z) { - t = out[y]; out[y] = out[z]; out[z] = t; + t = out[y]; out[y] = out[z]; out[z] = (unsigned char)t; ++y; --z; } @@ -90,6 +94,10 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords, /* zero word */ out[x++] = 0x00; } + + if (i < nwords - 1) { + wordbuf = words[i + 1]; + } } *outlen = x; @@ -99,5 +107,5 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c index d03d1a7..a4cf53f 100644 --- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c +++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -39,7 +39,7 @@ unsigned long der_object_identifier_bits(unsigned long x) */ int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen) { - unsigned long y, z, t; + unsigned long y, z, t, wordbuf; LTC_ARGCHK(words != NULL); LTC_ARGCHK(outlen != NULL); @@ -50,16 +50,21 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns return CRYPT_INVALID_ARG; } - /* word1 = 0,1,2 and word2 0..39 */ - if (words[0] > 2 || words[1] > 39) { + /* word1 = 0,1,2,3 and word2 0..39 */ + if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) { return CRYPT_INVALID_ARG; } - /* leading byte of first two words */ - z = 1; - for (y = 2; y < nwords; y++) { - t = der_object_identifier_bits(words[y]); - z += t/7 + ((t%7) ? 1 : 0); + /* leading word is the first two */ + z = 0; + wordbuf = words[0] * 40 + words[1]; + for (y = 1; y < nwords; y++) { + t = der_object_identifier_bits(wordbuf); + z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0); + if (y < nwords - 1) { + /* grab next word */ + wordbuf = words[y+1]; + } } /* now depending on the length our length encoding changes */ @@ -80,5 +85,5 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/04/16 20:17:42 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c index 2d3800f..b937e63 100644 --- a/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c +++ b/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -66,6 +66,7 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen, /* is it too long? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -86,5 +87,5 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c index f34b708..fe0f163 100644 --- a/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c +++ b/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -43,6 +43,7 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen, /* too big? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -50,19 +51,19 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen, x = 0; out[x++] = 0x04; if (inlen < 128) { - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 256) { out[x++] = 0x81; - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 65536UL) { out[x++] = 0x82; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else if (inlen < 16777216UL) { out[x++] = 0x83; - out[x++] = (inlen>>16)&255; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>16)&255); + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else { return CRYPT_INVALID_ARG; } @@ -81,5 +82,5 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c index 9a0bed3..3caf352 100644 --- a/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c +++ b/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -49,5 +49,5 @@ int der_length_octet_string(unsigned long noctets, unsigned long *outlen) /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/16 15:08:11 $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c index cbc9239..cae96d8 100644 --- a/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c +++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -67,6 +67,7 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen, /* is it too long? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -91,5 +92,5 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/21 02:29:54 $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c index ab4e8bf..9061b1f 100644 --- a/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c +++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -42,6 +42,7 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen, /* too big? */ if (len > *outlen) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -49,19 +50,19 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen, x = 0; out[x++] = 0x13; if (inlen < 128) { - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 256) { out[x++] = 0x81; - out[x++] = inlen; + out[x++] = (unsigned char)inlen; } else if (inlen < 65536UL) { out[x++] = 0x82; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else if (inlen < 16777216UL) { out[x++] = 0x83; - out[x++] = (inlen>>16)&255; - out[x++] = (inlen>>8)&255; - out[x++] = inlen&255; + out[x++] = (unsigned char)((inlen>>16)&255); + out[x++] = (unsigned char)((inlen>>8)&255); + out[x++] = (unsigned char)(inlen&255); } else { return CRYPT_INVALID_ARG; } @@ -80,5 +81,5 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/21 02:29:54 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c index 34065f2..799b6b6 100644 --- a/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c +++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -162,5 +162,5 @@ int der_length_printable_string(const unsigned char *octets, unsigned long nocte /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c,v $ */ -/* $Revision: 1.1 $ */ -/* $Date: 2005/05/21 02:29:54 $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c index 335a882..1f65602 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c @@ -6,14 +6,14 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" #include <stdarg.h> /** - @file der_decode_sequence.c + @file der_decode_sequence_ex.c ASN.1 DER, decode a SEQUENCE, Tom St Denis */ @@ -25,10 +25,11 @@ @param inlen The size of the input @param list The list of items to decode @param outlen The number of items in the list + @param ordered Search an unordeded or ordered list @return CRYPT_OK on success */ -int der_decode_sequence(const unsigned char *in, unsigned long inlen, - ltc_asn1_list *list, unsigned long outlen) +int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, + ltc_asn1_list *list, unsigned long outlen, int ordered) { int err, type; unsigned long size, x, y, z, i, blksize; @@ -36,17 +37,18 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen, LTC_ARGCHK(in != NULL); LTC_ARGCHK(list != NULL); - + /* get blk size */ if (inlen < 2) { return CRYPT_INVALID_PACKET; } - /* sequence type? */ + /* sequence type? We allow 0x30 SEQUENCE and 0x31 SET since fundamentally they're the same structure */ x = 0; - if (in[x++] != 0x30) { + if (in[x] != 0x30 && in[x] != 0x31) { return CRYPT_INVALID_PACKET; } + ++x; if (in[x] < 128) { blksize = in[x++]; @@ -73,154 +75,205 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen, return CRYPT_INVALID_PACKET; } + /* mark all as unused */ + for (i = 0; i < outlen; i++) { + list[i].used = 0; + } + /* ok read data */ inlen = blksize; for (i = 0; i < outlen; i++) { + z = 0; type = list[i].type; size = list[i].size; data = list[i].data; + if (!ordered && list[i].used == 1) { continue; } if (type == LTC_ASN1_EOL) { break; } switch (type) { + case LTC_ASN1_BOOLEAN: + z = inlen; + if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) { + goto LBL_ERR; + } + if ((err = der_length_boolean(&z)) != CRYPT_OK) { + goto LBL_ERR; + } + break; + case LTC_ASN1_INTEGER: z = inlen; if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_integer(data, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; - case LTC_ASN1_SHORT_INTEGER: z = inlen; if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } - if ((err = der_length_short_integer(size, &z)) != CRYPT_OK) { + if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; + break; case LTC_ASN1_BIT_STRING: z = inlen; if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; case LTC_ASN1_OCTET_STRING: z = inlen; if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; case LTC_ASN1_NULL: if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) { + if (!ordered) { continue; } err = CRYPT_INVALID_PACKET; goto LBL_ERR; } - x += 2; - inlen -= 2; + z = 2; break; case LTC_ASN1_OBJECT_IDENTIFIER: z = inlen; if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; case LTC_ASN1_IA5_STRING: z = inlen; if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; case LTC_ASN1_PRINTABLE_STRING: z = inlen; if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; + break; + + case LTC_ASN1_UTF8_STRING: + z = inlen; + if ((err = der_decode_utf8_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } + goto LBL_ERR; + } + list[i].size = size; + if ((err = der_length_utf8_string(data, size, &z)) != CRYPT_OK) { + goto LBL_ERR; + } break; case LTC_ASN1_UTCTIME: z = inlen; if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } - x += z; - inlen -= z; break; + case LTC_ASN1_SET: + z = inlen; + if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) { + if (!ordered) { continue; } + goto LBL_ERR; + } + if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + break; + + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: + /* detect if we have the right type */ + if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + z = inlen; if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } - x += z; - inlen -= z; break; case LTC_ASN1_CHOICE: z = inlen; if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } - x += z; - inlen -= z; break; default: err = CRYPT_INVALID_ARG; goto LBL_ERR; } + x += z; + inlen -= z; + list[i].used = 1; + if (!ordered) { + /* restart the decoder */ + i = -1; + } } + + for (i = 0; i < outlen; i++) { + if (list[i].used == 0) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + } err = CRYPT_OK; LBL_ERR: @@ -229,6 +282,6 @@ LBL_ERR: #endif -/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c,v $ */ -/* $Revision: 1.8 $ */ -/* $Date: 2005/06/18 19:20:23 $ */ +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c,v $ */ +/* $Revision: 1.15 $ */ +/* $Date: 2006/11/26 02:25:18 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c new file mode 100644 index 0000000..19d8c86 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c @@ -0,0 +1,386 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_decode_sequence_flexi.c + ASN.1 DER, decode an array of ASN.1 types with a flexi parser, Tom St Denis +*/ + +#ifdef LTC_DER + +static unsigned long fetch_length(const unsigned char *in, unsigned long inlen) +{ + unsigned long x, y, z; + + y = 0; + + /* skip type and read len */ + if (inlen < 2) { + return 0xFFFFFFFF; + } + ++in; ++y; + + /* read len */ + x = *in++; ++y; + + /* <128 means literal */ + if (x < 128) { + return x+y; + } + x &= 0x7F; /* the lower 7 bits are the length of the length */ + inlen -= 2; + + /* len means len of len! */ + if (x == 0 || x > 4 || x > inlen) { + return 0xFFFFFFFF; + } + + y += x; + z = 0; + while (x--) { + z = (z<<8) | ((unsigned long)*in); + ++in; + } + return z+y; +} + +/** + ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements. + @param in The input buffer + @param inlen [in/out] The length of the input buffer and on output the amount of decoded data + @param out [out] A pointer to the linked list + @return CRYPT_OK on success. +*/ +int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) +{ + ltc_asn1_list *l; + unsigned long err, type, len, totlen, x, y; + void *realloc_tmp; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(out != NULL); + + l = NULL; + totlen = 0; + + /* scan the input and and get lengths and what not */ + while (*inlen) { + /* read the type byte */ + type = *in; + + /* fetch length */ + len = fetch_length(in, *inlen); + if (len > *inlen) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* alloc new link */ + if (l == NULL) { + l = XCALLOC(1, sizeof(*l)); + if (l == NULL) { + err = CRYPT_MEM; + goto error; + } + } else { + l->next = XCALLOC(1, sizeof(*l)); + if (l->next == NULL) { + err = CRYPT_MEM; + goto error; + } + l->next->prev = l; + l = l->next; + } + + /* now switch on type */ + switch (type) { + case 0x01: /* BOOLEAN */ + l->type = LTC_ASN1_BOOLEAN; + l->size = 1; + l->data = XCALLOC(1, sizeof(int)); + + if ((err = der_decode_boolean(in, *inlen, l->data)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_boolean(&len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x02: /* INTEGER */ + /* init field */ + l->type = LTC_ASN1_INTEGER; + l->size = 1; + if ((err = mp_init(&l->data)) != CRYPT_OK) { + goto error; + } + + /* decode field */ + if ((err = der_decode_integer(in, *inlen, l->data)) != CRYPT_OK) { + goto error; + } + + /* calc length of object */ + if ((err = der_length_integer(l->data, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x03: /* BIT */ + /* init field */ + l->type = LTC_ASN1_BIT_STRING; + l->size = len * 8; /* *8 because we store decoded bits one per char and they are encoded 8 per char. */ + + if ((l->data = XCALLOC(1, l->size)) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_bit_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_bit_string(l->size, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x04: /* OCTET */ + + /* init field */ + l->type = LTC_ASN1_OCTET_STRING; + l->size = len; + + if ((l->data = XCALLOC(1, l->size)) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_octet_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_octet_string(l->size, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x05: /* NULL */ + + /* valid NULL is 0x05 0x00 */ + if (in[0] != 0x05 || in[1] != 0x00) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* simple to store ;-) */ + l->type = LTC_ASN1_NULL; + l->data = NULL; + l->size = 0; + len = 2; + + break; + + case 0x06: /* OID */ + + /* init field */ + l->type = LTC_ASN1_OBJECT_IDENTIFIER; + l->size = len; + + if ((l->data = XCALLOC(len, sizeof(unsigned long))) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_object_identifier(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_object_identifier(l->data, l->size, &len)) != CRYPT_OK) { + goto error; + } + + /* resize it to save a bunch of mem */ + if ((realloc_tmp = XREALLOC(l->data, l->size * sizeof(unsigned long))) == NULL) { + /* out of heap but this is not an error */ + break; + } + l->data = realloc_tmp; + break; + + case 0x0C: /* UTF8 */ + + /* init field */ + l->type = LTC_ASN1_UTF8_STRING; + l->size = len; + + if ((l->data = XCALLOC(sizeof(wchar_t), l->size)) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_utf8_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_utf8_string(l->data, l->size, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x13: /* PRINTABLE */ + + /* init field */ + l->type = LTC_ASN1_PRINTABLE_STRING; + l->size = len; + + if ((l->data = XCALLOC(1, l->size)) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_printable_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_printable_string(l->data, l->size, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x16: /* IA5 */ + + /* init field */ + l->type = LTC_ASN1_IA5_STRING; + l->size = len; + + if ((l->data = XCALLOC(1, l->size)) == NULL) { + err = CRYPT_MEM; + goto error; + } + + if ((err = der_decode_ia5_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_ia5_string(l->data, l->size, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x17: /* UTC TIME */ + + /* init field */ + l->type = LTC_ASN1_UTCTIME; + l->size = 1; + + if ((l->data = XCALLOC(1, sizeof(ltc_utctime))) == NULL) { + err = CRYPT_MEM; + goto error; + } + + len = *inlen; + if ((err = der_decode_utctime(in, &len, l->data)) != CRYPT_OK) { + goto error; + } + + if ((err = der_length_utctime(l->data, &len)) != CRYPT_OK) { + goto error; + } + break; + + case 0x30: /* SEQUENCE */ + case 0x31: /* SET */ + + /* init field */ + l->type = (type == 0x30) ? LTC_ASN1_SEQUENCE : LTC_ASN1_SET; + + /* we have to decode the SEQUENCE header and get it's length */ + + /* move past type */ + ++in; --(*inlen); + + /* read length byte */ + x = *in++; --(*inlen); + + /* smallest SEQUENCE/SET header */ + y = 2; + + /* now if it's > 127 the next bytes are the length of the length */ + if (x > 128) { + x &= 0x7F; + in += x; + *inlen -= x; + + /* update sequence header len */ + y += x; + } + + /* Sequence elements go as child */ + len = len - y; + if ((err = der_decode_sequence_flexi(in, &len, &(l->child))) != CRYPT_OK) { + goto error; + } + + /* len update */ + totlen += y; + + /* link them up y0 */ + l->child->parent = l; + + break; + default: + /* invalid byte ... this is a soft error */ + /* remove link */ + l = l->prev; + XFREE(l->next); + l->next = NULL; + goto outside; + } + + /* advance pointers */ + totlen += len; + in += len; + *inlen -= len; + } + +outside: + + /* rewind l please */ + while (l->prev != NULL || l->parent != NULL) { + if (l->parent != NULL) { + l = l->parent; + } else { + l = l->prev; + } + } + + /* return */ + *out = l; + *inlen = totlen; + return CRYPT_OK; + +error: + /* free list */ + der_sequence_free(l); + + return err; +} + +#endif + + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c,v $ */ +/* $Revision: 1.25 $ */ +/* $Date: 2006/11/26 02:25:18 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c index a4a1038..a15c182 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" #include <stdarg.h> @@ -19,6 +19,13 @@ #ifdef LTC_DER +/** + Decode a SEQUENCE type using a VA list + @param in Input buffer + @param inlen Length of input in octets + @remark <...> is of the form <type, size, data> (int, unsigned long, void*) + @return CRYPT_OK on success +*/ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) { int err, type; @@ -42,6 +49,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) } switch (type) { + case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: @@ -50,7 +58,10 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: + case LTC_ASN1_UTF8_STRING: case LTC_ASN1_UTCTIME: + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: case LTC_ASN1_CHOICE: ++x; @@ -86,6 +97,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) } switch (type) { + case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: @@ -94,8 +106,11 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: + case LTC_ASN1_UTF8_STRING: case LTC_ASN1_UTCTIME: case LTC_ASN1_SEQUENCE: + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: case LTC_ASN1_CHOICE: list[x].type = type; list[x].size = size; @@ -120,5 +135,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2005/06/18 19:20:23 $ */ +/* $Revision: 1.12 $ */ +/* $Date: 2006/11/26 02:25:18 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c index d53153c..cdb4f1e 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c @@ -6,14 +6,14 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" #include <stdarg.h> /** - @file der_encode_sequence.c + @file der_encode_sequence_ex.c ASN.1 DER, encode a SEQUENCE, Tom St Denis */ @@ -25,10 +25,11 @@ @param inlen The number of items in the list @param out [out] The destination @param outlen [in/out] The size of the output + @param type_of LTC_ASN1_SEQUENCE or LTC_ASN1_SET/LTC_ASN1_SETOF @return CRYPT_OK on success */ -int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen) +int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen, + unsigned char *out, unsigned long *outlen, int type_of) { int err, type; unsigned long size, x, y, z, i; @@ -50,6 +51,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, } switch (type) { + case LTC_ASN1_BOOLEAN: + if ((err = der_length_boolean(&x)) != CRYPT_OK) { + goto LBL_ERR; + } + y += x; + break; + case LTC_ASN1_INTEGER: if ((err = der_length_integer(data, &x)) != CRYPT_OK) { goto LBL_ERR; @@ -103,6 +111,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, y += x; break; + case LTC_ASN1_UTF8_STRING: + if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + y += x; + break; + case LTC_ASN1_UTCTIME: if ((err = der_length_utctime(data, &x)) != CRYPT_OK) { goto LBL_ERR; @@ -110,13 +125,14 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, y += x; break; + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) { goto LBL_ERR; } y += x; break; - default: err = CRYPT_INVALID_ARG; @@ -144,27 +160,29 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, /* too big ? */ if (*outlen < y) { + *outlen = y; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } /* store header */ x = 0; - out[x++] = 0x30; + out[x++] = (type_of == LTC_ASN1_SEQUENCE) ? 0x30 : 0x31; + if (z < 128) { - out[x++] = z; + out[x++] = (unsigned char)z; } else if (z < 256) { out[x++] = 0x81; - out[x++] = z; + out[x++] = (unsigned char)z; } else if (z < 65536UL) { out[x++] = 0x82; - out[x++] = (z>>8UL)&255; - out[x++] = z&255; + out[x++] = (unsigned char)((z>>8UL)&255); + out[x++] = (unsigned char)(z&255); } else if (z < 16777216UL) { out[x++] = 0x83; - out[x++] = (z>>16UL)&255; - out[x++] = (z>>8UL)&255; - out[x++] = z&255; + out[x++] = (unsigned char)((z>>16UL)&255); + out[x++] = (unsigned char)((z>>8UL)&255); + out[x++] = (unsigned char)(z&255); } /* store data */ @@ -179,6 +197,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, } switch (type) { + case LTC_ASN1_BOOLEAN: + z = *outlen; + if ((err = der_encode_boolean(*((int *)data), out + x, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + x += z; + *outlen -= z; + break; + case LTC_ASN1_INTEGER: z = *outlen; if ((err = der_encode_integer(data, out + x, &z)) != CRYPT_OK) { @@ -248,6 +275,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, *outlen -= z; break; + case LTC_ASN1_UTF8_STRING: + z = *outlen; + if ((err = der_encode_utf8_string(data, size, out + x, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + x += z; + *outlen -= z; + break; + case LTC_ASN1_UTCTIME: z = *outlen; if ((err = der_encode_utctime(data, out + x, &z)) != CRYPT_OK) { @@ -257,15 +293,33 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen, *outlen -= z; break; - case LTC_ASN1_SEQUENCE: + case LTC_ASN1_SET: + z = *outlen; + if ((err = der_encode_set(data, size, out + x, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + x += z; + *outlen -= z; + break; + + case LTC_ASN1_SETOF: z = *outlen; - if ((err = der_encode_sequence(data, size, out + x, &z)) != CRYPT_OK) { + if ((err = der_encode_setof(data, size, out + x, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; *outlen -= z; break; + case LTC_ASN1_SEQUENCE: + z = *outlen; + if ((err = der_encode_sequence_ex(data, size, out + x, &z, type)) != CRYPT_OK) { + goto LBL_ERR; + } + x += z; + *outlen -= z; + break; + default: err = CRYPT_INVALID_ARG; goto LBL_ERR; diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c index 9ff48b9..da34c64 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" #include <stdarg.h> @@ -19,6 +19,13 @@ #ifdef LTC_DER +/** + Encode a SEQUENCE type using a VA list + @param out [out] Destination for data + @param outlen [in/out] Length of buffer and resulting length of output + @remark <...> is of the form <type, size, data> (int, unsigned long, void*) + @return CRYPT_OK on success +*/ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) { int err, type; @@ -43,6 +50,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) } switch (type) { + case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: @@ -51,8 +59,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: + case LTC_ASN1_UTF8_STRING: case LTC_ASN1_UTCTIME: case LTC_ASN1_SEQUENCE: + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: ++x; break; @@ -86,6 +97,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) } switch (type) { + case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: @@ -94,8 +106,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: + case LTC_ASN1_UTF8_STRING: case LTC_ASN1_UTCTIME: case LTC_ASN1_SEQUENCE: + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: list[x].type = type; list[x].size = size; list[x++].data = data; @@ -119,5 +134,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2005/06/18 19:20:23 $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/11/26 02:25:18 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c index 9120451..36f4a2a 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c @@ -6,11 +6,9 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" -#include <stdarg.h> - /** @file der_length_sequence.c @@ -48,6 +46,13 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, } switch (type) { + case LTC_ASN1_BOOLEAN: + if ((err = der_length_boolean(&x)) != CRYPT_OK) { + goto LBL_ERR; + } + y += x; + break; + case LTC_ASN1_INTEGER: if ((err = der_length_integer(data, &x)) != CRYPT_OK) { goto LBL_ERR; @@ -101,6 +106,22 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, y += x; break; + case LTC_ASN1_UTCTIME: + if ((err = der_length_utctime(data, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + y += x; + break; + + case LTC_ASN1_UTF8_STRING: + if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + y += x; + break; + + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) { goto LBL_ERR; @@ -142,3 +163,7 @@ LBL_ERR: } #endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c,v $ */ +/* $Revision: 1.13 $ */ +/* $Date: 2006/11/26 02:25:18 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c b/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c new file mode 100644 index 0000000..dc826e3 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c @@ -0,0 +1,65 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_sequence_free.c + ASN.1 DER, free's a structure allocated by der_decode_sequence_flexi(), Tom St Denis +*/ + +#ifdef LTC_DER + +/** + Free memory allocated by der_decode_sequence_flexi() + @param in The list to free +*/ +void der_sequence_free(ltc_asn1_list *in) +{ + ltc_asn1_list *l; + + /* walk to the start of the chain */ + while (in->prev != NULL || in->parent != NULL) { + if (in->parent != NULL) { + in = in->parent; + } else { + in = in->prev; + } + } + + /* now walk the list and free stuff */ + while (in != NULL) { + /* is there a child? */ + if (in->child) { + /* disconnect */ + in->child->parent = NULL; + der_sequence_free(in->child); + } + + switch (in->type) { + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: + case LTC_ASN1_SEQUENCE: break; + case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break; + default : if (in->data != NULL) { XFREE(in->data); } + } + + /* move to next and free current */ + l = in->next; + free(in); + in = l; + } +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c,v $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c b/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c new file mode 100644 index 0000000..a08d2b0 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c @@ -0,0 +1,103 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_encode_set.c + ASN.1 DER, Encode a SET, Tom St Denis +*/ + +#ifdef LTC_DER + +/* LTC define to ASN.1 TAG */ +static int ltc_to_asn1(int v) +{ + switch (v) { + case LTC_ASN1_BOOLEAN: return 0x01; + case LTC_ASN1_INTEGER: + case LTC_ASN1_SHORT_INTEGER: return 0x02; + case LTC_ASN1_BIT_STRING: return 0x03; + case LTC_ASN1_OCTET_STRING: return 0x04; + case LTC_ASN1_NULL: return 0x05; + case LTC_ASN1_OBJECT_IDENTIFIER: return 0x06; + case LTC_ASN1_UTF8_STRING: return 0x0C; + case LTC_ASN1_PRINTABLE_STRING: return 0x13; + case LTC_ASN1_IA5_STRING: return 0x16; + case LTC_ASN1_UTCTIME: return 0x17; + case LTC_ASN1_SEQUENCE: return 0x30; + case LTC_ASN1_SET: + case LTC_ASN1_SETOF: return 0x31; + default: return -1; + } +} + + +static int qsort_helper(const void *a, const void *b) +{ + ltc_asn1_list *A = (ltc_asn1_list *)a, *B = (ltc_asn1_list *)b; + int r; + + r = ltc_to_asn1(A->type) - ltc_to_asn1(B->type); + + /* for QSORT the order is UNDEFINED if they are "equal" which means it is NOT DETERMINISTIC. So we force it to be :-) */ + if (r == 0) { + /* their order in the original list now determines the position */ + return A->used - B->used; + } else { + return r; + } +} + +/* + Encode a SET type + @param list The list of items to encode + @param inlen The number of items in the list + @param out [out] The destination + @param outlen [in/out] The size of the output + @return CRYPT_OK on success +*/ +int der_encode_set(ltc_asn1_list *list, unsigned long inlen, + unsigned char *out, unsigned long *outlen) +{ + ltc_asn1_list *copy; + unsigned long x; + int err; + + /* make copy of list */ + copy = XCALLOC(inlen, sizeof(*copy)); + if (copy == NULL) { + return CRYPT_MEM; + } + + /* fill in used member with index so we can fully sort it */ + for (x = 0; x < inlen; x++) { + copy[x] = list[x]; + copy[x].used = x; + } + + /* sort it by the "type" field */ + XQSORT(copy, inlen, sizeof(*copy), &qsort_helper); + + /* call der_encode_sequence_ex() */ + err = der_encode_sequence_ex(copy, inlen, out, outlen, LTC_ASN1_SET); + + /* free list */ + XFREE(copy); + + return err; +} + + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c,v $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/11/26 02:27:37 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c b/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c new file mode 100644 index 0000000..6c12eb4 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c @@ -0,0 +1,162 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_encode_setof.c + ASN.1 DER, Encode SET OF, Tom St Denis +*/ + +#ifdef LTC_DER + +struct edge { + unsigned char *start; + unsigned long size; +}; + +static int qsort_helper(const void *a, const void *b) +{ + struct edge *A = (struct edge *)a, *B = (struct edge *)b; + int r; + unsigned long x; + + /* compare min length */ + r = XMEMCMP(A->start, B->start, MIN(A->size, B->size)); + + if (r == 0 && A->size != B->size) { + if (A->size > B->size) { + for (x = B->size; x < A->size; x++) { + if (A->start[x]) { + return 1; + } + } + } else { + for (x = A->size; x < B->size; x++) { + if (B->start[x]) { + return -1; + } + } + } + } + + return r; +} + +/** + Encode a SETOF stucture + @param list The list of items to encode + @param inlen The number of items in the list + @param out [out] The destination + @param outlen [in/out] The size of the output + @return CRYPT_OK on success +*/ +int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, + unsigned char *out, unsigned long *outlen) +{ + unsigned long x, y, z, hdrlen; + int err; + struct edge *edges; + unsigned char *ptr, *buf; + + /* check that they're all the same type */ + for (x = 1; x < inlen; x++) { + if (list[x].type != list[x-1].type) { + return CRYPT_INVALID_ARG; + } + } + + /* alloc buffer to store copy of output */ + buf = XCALLOC(1, *outlen); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* encode list */ + if ((err = der_encode_sequence_ex(list, inlen, buf, outlen, LTC_ASN1_SETOF)) != CRYPT_OK) { + XFREE(buf); + return err; + } + + /* allocate edges */ + edges = XCALLOC(inlen, sizeof(*edges)); + if (edges == NULL) { + XFREE(buf); + return CRYPT_MEM; + } + + /* skip header */ + ptr = buf + 1; + + /* now skip length data */ + x = *ptr++; + if (x >= 0x80) { + ptr += (x & 0x7F); + } + + /* get the size of the static header */ + hdrlen = ((unsigned long)ptr) - ((unsigned long)buf); + + + /* scan for edges */ + x = 0; + while (ptr < (buf + *outlen)) { + /* store start */ + edges[x].start = ptr; + + /* skip type */ + z = 1; + + /* parse length */ + y = ptr[z++]; + if (y < 128) { + edges[x].size = y; + } else { + y &= 0x7F; + edges[x].size = 0; + while (y--) { + edges[x].size = (edges[x].size << 8) | ((unsigned long)ptr[z++]); + } + } + + /* skip content */ + edges[x].size += z; + ptr += edges[x].size; + ++x; + } + + /* sort based on contents (using edges) */ + XQSORT(edges, inlen, sizeof(*edges), &qsort_helper); + + /* copy static header */ + XMEMCPY(out, buf, hdrlen); + + /* copy+sort using edges+indecies to output from buffer */ + for (y = hdrlen, x = 0; x < inlen; x++) { + XMEMCPY(out+y, edges[x].start, edges[x].size); + y += edges[x].size; + } + +#ifdef LTC_CLEAN_STACK + zeromem(buf, *outlen); +#endif + + /* free buffers */ + XFREE(edges); + XFREE(buf); + + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c,v $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c index 7d3d3b7..1407e9a 100644 --- a/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c +++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -19,7 +19,7 @@ #ifdef LTC_DER /** - Read a mp_int integer + Read a short integer @param in The DER encoded data @param inlen Size of data @param num [out] The integer to decode @@ -64,5 +64,5 @@ int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsig #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/23 01:04:13 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c index eb94d38..95da2fa 100644 --- a/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c +++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -18,9 +18,8 @@ #ifdef LTC_DER -/* Exports a positive integer as DER format (upto 32-bits in size) */ /** - Store a mp_int integer + Store a short integer in the range (0,2^32-1) @param num The integer to encode @param out [out] The destination for the DER encoded integers @param outlen [in/out] The max size and resulting size of the DER encoded integers @@ -43,6 +42,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon } if (*outlen < len) { + *outlen = len; return CRYPT_BUFFER_OVERFLOW; } @@ -70,7 +70,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon /* store header */ x = 0; out[x++] = 0x02; - out[x++] = z; + out[x++] = (unsigned char)z; /* if 31st bit is set output a leading zero and decrement count */ if (z == 5) { @@ -80,7 +80,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon /* store values */ for (y = 0; y < z; y++) { - out[x++] = (num >> 24) & 0xFF; + out[x++] = (unsigned char)((num >> 24) & 0xFF); num <<= 8; } @@ -93,5 +93,5 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/23 01:27:03 $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c index 7324b4a..073e294 100644 --- a/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c +++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -39,7 +39,7 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen) ++z; y >>= 8; } - + /* handle zero */ if (z == 0) { z = 1; @@ -59,11 +59,12 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen) /* return length */ *outlen = len; + return CRYPT_OK; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/23 01:35:38 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c index 43ba033..8a1f5fb 100644 --- a/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c +++ b/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -39,6 +39,13 @@ static int char_to_int(unsigned char x) if (y >= max) return CRYPT_INVALID_PACKET; \ x += 2; +/** + Decodes a UTC time structure in DER format (reads all 6 valid encoding formats) + @param in Input buffer + @param inlen Length of input buffer in octets + @param out [out] Destination of UTC time structure + @return CRYPT_OK if successful +*/ int der_decode_utctime(const unsigned char *in, unsigned long *inlen, ltc_utctime *out) { @@ -116,5 +123,5 @@ YYMMDDhhmmss-hh'mm' #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2005/06/19 12:07:00 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c index dad8c84..ae2ccbe 100644 --- a/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c +++ b/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -24,8 +24,10 @@ static const char *baseten = "0123456789"; out[x++] = der_ia5_char_encode(baseten[y % 10]); /** - Gets length of DER encoding of UTCTIME - @param outlen [out] The length of the DER encoding + Encodes a UTC time structure in DER format + @param utctime The UTC time structure to encode + @param out The destination of the DER encoding of the UTC time structure + @param outlen [in/out] The length of the DER encoding @return CRYPT_OK if successful */ int der_encode_utctime(ltc_utctime *utctime, @@ -42,6 +44,7 @@ int der_encode_utctime(ltc_utctime *utctime, return err; } if (tmplen > *outlen) { + *outlen = tmplen; return CRYPT_BUFFER_OVERFLOW; } @@ -66,7 +69,7 @@ int der_encode_utctime(ltc_utctime *utctime, } /* store length */ - out[1] = x - 2; + out[1] = (unsigned char)(x - 2); /* all good let's return */ *outlen = x; @@ -76,5 +79,5 @@ int der_encode_utctime(ltc_utctime *utctime, #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2005/06/19 12:07:00 $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c index 84e654a..60f09de 100644 --- a/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c +++ b/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -19,6 +19,7 @@ /** Gets length of DER encoding of UTCTIME + @param utctime The UTC time structure to get the size of @param outlen [out] The length of the DER encoding @return CRYPT_OK if successful */ @@ -41,5 +42,5 @@ int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen) #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c,v $ */ -/* $Revision: 1.2 $ */ -/* $Date: 2005/06/19 11:23:04 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c new file mode 100644 index 0000000..28b5520 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c @@ -0,0 +1,111 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_decode_utf8_string.c + ASN.1 DER, encode a UTF8 STRING, Tom St Denis +*/ + + +#ifdef LTC_DER + +/** + Store a UTF8 STRING + @param in The DER encoded UTF8 STRING + @param inlen The size of the DER UTF8 STRING + @param out [out] The array of utf8s stored (one per char) + @param outlen [in/out] The number of utf8s stored + @return CRYPT_OK if successful +*/ +int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, + wchar_t *out, unsigned long *outlen) +{ + wchar_t tmp; + unsigned long x, y, z, len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* must have header at least */ + if (inlen < 2) { + return CRYPT_INVALID_PACKET; + } + + /* check for 0x0C */ + if ((in[0] & 0x1F) != 0x0C) { + return CRYPT_INVALID_PACKET; + } + x = 1; + + /* decode the length */ + if (in[x] & 0x80) { + /* valid # of bytes in length are 1,2,3 */ + y = in[x] & 0x7F; + if ((y == 0) || (y > 3) || ((x + y) > inlen)) { + return CRYPT_INVALID_PACKET; + } + + /* read the length in */ + len = 0; + ++x; + while (y--) { + len = (len << 8) | in[x++]; + } + } else { + len = in[x++] & 0x7F; + } + + if (len + x > inlen) { + return CRYPT_INVALID_PACKET; + } + + /* proceed to decode */ + for (y = 0; x < inlen; ) { + /* get first byte */ + tmp = in[x++]; + + /* count number of bytes */ + for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); + + if (z > 4 || (x + (z - 1) > inlen)) { + return CRYPT_INVALID_PACKET; + } + + /* decode, grab upper bits */ + tmp >>= z; + + /* grab remaining bytes */ + if (z > 1) { --z; } + while (z-- != 0) { + if ((in[x] & 0xC0) != 0x80) { + return CRYPT_INVALID_PACKET; + } + tmp = (tmp << 6) | ((wchar_t)in[x++] & 0x3F); + } + + if (y > *outlen) { + *outlen = y; + return CRYPT_BUFFER_OVERFLOW; + } + out[y++] = tmp; + } + *outlen = y; + + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c,v $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/11/26 02:27:37 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c new file mode 100644 index 0000000..2dd6081 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c @@ -0,0 +1,105 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_encode_utf8_string.c + ASN.1 DER, encode a UTF8 STRING, Tom St Denis +*/ + + +#ifdef LTC_DER + +/** + Store an UTF8 STRING + @param in The array of UTF8 to store (one per wchar_t) + @param inlen The number of UTF8 to store + @param out [out] The destination for the DER encoded UTF8 STRING + @param outlen [in/out] The max size and resulting size of the DER UTF8 STRING + @return CRYPT_OK if successful +*/ +int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen) +{ + unsigned long x, y, len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* get the size */ + for (x = len = 0; x < inlen; x++) { + if (in[x] < 0 || in[x] > 0x1FFFF) { + return CRYPT_INVALID_ARG; + } + len += der_utf8_charsize(in[x]); + } + + if (len < 128) { + y = 2 + len; + } else if (len < 256) { + y = 3 + len; + } else if (len < 65536UL) { + y = 4 + len; + } else if (len < 16777216UL) { + y = 5 + len; + } else { + return CRYPT_INVALID_ARG; + } + + /* too big? */ + if (y > *outlen) { + *outlen = len; + return CRYPT_BUFFER_OVERFLOW; + } + + /* encode the header+len */ + x = 0; + out[x++] = 0x0C; + if (len < 128) { + out[x++] = len; + } else if (len < 256) { + out[x++] = 0x81; + out[x++] = len; + } else if (len < 65536UL) { + out[x++] = 0x82; + out[x++] = (len>>8)&255; + out[x++] = len&255; + } else if (len < 16777216UL) { + out[x++] = 0x83; + out[x++] = (len>>16)&255; + out[x++] = (len>>8)&255; + out[x++] = len&255; + } else { + return CRYPT_INVALID_ARG; + } + + /* store UTF8 */ + for (y = 0; y < inlen; y++) { + switch (der_utf8_charsize(in[y])) { + case 1: out[x++] = in[y]; break; + case 2: out[x++] = 0xC0 | ((in[y] >> 6) & 0x1F); out[x++] = 0x80 | (in[y] & 0x3F); break; + case 3: out[x++] = 0xE0 | ((in[y] >> 12) & 0x0F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; + case 4: out[x++] = 0xF0 | ((in[y] >> 18) & 0x07); out[x++] = 0x80 | ((in[y] >> 12) & 0x3F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; + } + } + + /* retun length */ + *outlen = x; + + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c,v $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/12/16 17:41:21 $ */ diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c new file mode 100644 index 0000000..b5b2bc6 --- /dev/null +++ b/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c @@ -0,0 +1,83 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file der_length_utf8_string.c + ASN.1 DER, get length of UTF8 STRING, Tom St Denis +*/ + +#ifdef LTC_DER + +/** Return the size in bytes of a UTF-8 character + @param c The UTF-8 character to measure + @return The size in bytes +*/ +unsigned long der_utf8_charsize(const wchar_t c) +{ + if (c <= 0x7F) { + return 1; + } else if (c <= 0x7FF) { + return 2; + } else if (c <= 0xFFFF) { + return 3; + } else { + return 4; + } +} + +/** + Gets length of DER encoding of UTF8 STRING + @param in The characters to measure the length of + @param noctets The number of octets in the string to encode + @param outlen [out] The length of the DER encoding for the given string + @return CRYPT_OK if successful +*/ +int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen) +{ + unsigned long x, len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(outlen != NULL); + + len = 0; + for (x = 0; x < noctets; x++) { + if (in[x] < 0 || in[x] > 0x10FFFF) { + return CRYPT_INVALID_ARG; + } + len += der_utf8_charsize(in[x]); + } + + if (len < 128) { + /* 0C LL DD DD DD ... */ + *outlen = 2 + len; + } else if (len < 256) { + /* 0C 81 LL DD DD DD ... */ + *outlen = 3 + len; + } else if (len < 65536UL) { + /* 0C 82 LL LL DD DD DD ... */ + *outlen = 4 + len; + } else if (len < 16777216UL) { + /* 0C 83 LL LL LL DD DD DD ... */ + *outlen = 5 + len; + } else { + return CRYPT_INVALID_ARG; + } + + return CRYPT_OK; +} + +#endif + + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/12/16 17:41:21 $ */ diff --git a/libtomcrypt/src/pk/dh/dh.c b/libtomcrypt/src/pk/dh/dh.c deleted file mode 100644 index a54f29b..0000000 --- a/libtomcrypt/src/pk/dh/dh.c +++ /dev/null @@ -1,524 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ -#include "tomcrypt.h" - -/** - @file dh.c - DH crypto, Tom St Denis -*/ - -#ifdef MDH - -/* max export size we'll encounter (smaller than this but lets round up a bit) */ -#define DH_BUF_SIZE 1200 - -/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ -static const struct { - int size; - char *name, *base, *prime; -} sets[] = { -#ifdef DH768 -{ - 96, - "DH-768", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////m3wvV" -}, -#endif -#ifdef DH1024 -{ - 128, - "DH-1024", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////m3C47" -}, -#endif -#ifdef DH1280 -{ - 160, - "DH-1280", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////////////////////////////m4kSN" -}, -#endif -#ifdef DH1536 -{ - 192, - "DH-1536", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////m5uqd" -}, -#endif -#ifdef DH1792 -{ - 224, - "DH-1792", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////////////////////////////////////////////////////mT/sd" -}, -#endif -#ifdef DH2048 -{ - 256, - "DH-2048", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////////////////////////m8MPh" -}, -#endif -#ifdef DH2560 -{ - 320, - "DH-2560", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////mKFpF" -}, -#endif -#ifdef DH3072 -{ - 384, - "DH-3072", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////////////m32nN" -}, -#endif -#ifdef DH4096 -{ - 512, - "DH-4096", - "4", - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////m8pOF" -}, -#endif -{ - 0, - NULL, - NULL, - NULL -} -}; - -static int is_valid_idx(int n) -{ - int x; - - for (x = 0; sets[x].size; x++); - if ((n < 0) || (n >= x)) { - return 0; - } - return 1; -} - -/** - Test the DH sub-system (can take a while) - @return CRYPT_OK if successful -*/ -int dh_test(void) -{ - mp_int p, g, tmp; - int x, err, primality; - - if ((err = mp_init_multi(&p, &g, &tmp, NULL)) != MP_OKAY) { goto error; } - - for (x = 0; sets[x].size != 0; x++) { -#if 0 - printf("dh_test():testing size %d-bits\n", sets[x].size * 8); -#endif - if ((err = mp_read_radix(&g,(char *)sets[x].base, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&p,(char *)sets[x].prime, 64)) != MP_OKAY) { goto error; } - - /* ensure p is prime */ - if ((err = is_prime(&p, &primality)) != CRYPT_OK) { goto done; } - if (primality == 0) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - - if ((err = mp_sub_d(&p, 1, &tmp)) != MP_OKAY) { goto error; } - if ((err = mp_div_2(&tmp, &tmp)) != MP_OKAY) { goto error; } - - /* ensure (p-1)/2 is prime */ - if ((err = is_prime(&tmp, &primality)) != CRYPT_OK) { goto done; } - if (primality == 0) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - - /* now see if g^((p-1)/2) mod p is in fact 1 */ - if ((err = mp_exptmod(&g, &tmp, &p, &tmp)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&tmp, 1)) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - } - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&tmp, &g, &p, NULL); - return err; -} - -/** - Get the min and max DH key sizes (octets) - @param low [out] The smallest key size supported - @param high [out] The largest key size supported -*/ -void dh_sizes(int *low, int *high) -{ - int x; - LTC_ARGCHK(low != NULL); - LTC_ARGCHK(high != NULL); - *low = INT_MAX; - *high = 0; - for (x = 0; sets[x].size != 0; x++) { - if (*low > sets[x].size) *low = sets[x].size; - if (*high < sets[x].size) *high = sets[x].size; - } -} - -/** - Returns the key size of a given DH key (octets) - @param key The DH key to get the size of - @return The size if valid or INT_MAX if not -*/ -int dh_get_size(dh_key *key) -{ - LTC_ARGCHK(key != NULL); - if (is_valid_idx(key->idx) == 1) { - return sets[key->idx].size; - } else { - return INT_MAX; /* large value that would cause dh_make_key() to fail */ - } -} - -/** - Make a DH key [private key pair] - @param prng An active PRNG state - @param wprng The index for the PRNG you desire to use - @param keysize The key size (octets) desired - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) -{ - unsigned char *buf; - unsigned long x; - mp_int p, g; - int err; - - LTC_ARGCHK(key != NULL); - - /* good prng? */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* find key size */ - for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); -#ifdef FAST_PK - keysize = MIN(sets[x].size, 32); -#else - keysize = sets[x].size; -#endif - - if (sets[x].size == 0) { - return CRYPT_INVALID_KEYSIZE; - } - key->idx = x; - - /* allocate buffer */ - buf = XMALLOC(keysize); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* make up random string */ - if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { - err = CRYPT_ERROR_READPRNG; - goto error2; - } - - /* init parameters */ - if ((err = mp_init_multi(&g, &p, &key->x, &key->y, NULL)) != MP_OKAY) { - goto error; - } - if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } - - /* load the x value */ - if ((err = mp_read_unsigned_bin(&key->x, buf, keysize)) != MP_OKAY) { goto error; } - if ((err = mp_exptmod(&g, &key->x, &p, &key->y)) != MP_OKAY) { goto error; } - key->type = PK_PRIVATE; - - if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; } - - /* free up ram */ - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -error2: - mp_clear_multi(&key->x, &key->y, NULL); -done: -#ifdef LTC_CLEAN_STACK - zeromem(buf, keysize); -#endif - mp_clear_multi(&p, &g, NULL); - XFREE(buf); - return err; -} - -/** - Free the allocated ram for a DH key - @param key The key which you wish to free -*/ -void dh_free(dh_key *key) -{ - LTC_ARGCHK(key != NULL); - mp_clear_multi(&key->x, &key->y, NULL); -} - -/** - Export a DH key to a binary packet - @param out [out] The destination for the key - @param outlen [in/out] The max size and resulting size of the DH key - @param type Which type of key (PK_PRIVATE or PK_PUBLIC) - @param key The key you wish to export - @return CRYPT_OK if successful -*/ -int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) -{ - unsigned long y, z; - int err; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* can we store the static header? */ - if (*outlen < (PACKET_SIZE + 2)) { - return CRYPT_BUFFER_OVERFLOW; - } - - if (type == PK_PRIVATE && key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* header */ - y = PACKET_SIZE; - - /* header */ - out[y++] = type; - out[y++] = (unsigned char)(sets[key->idx].size / 8); - - /* export y */ - OUTPUT_BIGNUM(&key->y, out, y, z); - - if (type == PK_PRIVATE) { - /* export x */ - OUTPUT_BIGNUM(&key->x, out, y, z); - } - - /* store header */ - packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_KEY); - - /* store len */ - *outlen = y; - return CRYPT_OK; -} - -/** - Import a DH key from a binary packet - @param in The packet to read - @param inlen The length of the input packet - @param key [out] Where to import the key to - @return CRYPT_OK if successful, on error all allocated memory is freed automatically -*/ -int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) -{ - unsigned long x, y, s; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* make sure valid length */ - if ((2+PACKET_SIZE) > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* check type byte */ - if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_KEY)) != CRYPT_OK) { - return err; - } - - /* init */ - if ((err = mp_init_multi(&key->x, &key->y, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - /* advance past packet header */ - y = PACKET_SIZE; - - /* key type, e.g. private, public */ - key->type = (int)in[y++]; - - /* key size in bytes */ - s = (unsigned long)in[y++] * 8; - - for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size != 0); x++); - if (sets[x].size == 0) { - err = CRYPT_INVALID_KEYSIZE; - goto error; - } - key->idx = (int)x; - - /* type check both values */ - if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) { - err = CRYPT_PK_TYPE_MISMATCH; - goto error; - } - - /* is the key idx valid? */ - if (is_valid_idx(key->idx) != 1) { - err = CRYPT_PK_TYPE_MISMATCH; - goto error; - } - - /* load public value g^x mod p*/ - INPUT_BIGNUM(&key->y, in, x, y, inlen); - - if (key->type == PK_PRIVATE) { - INPUT_BIGNUM(&key->x, in, x, y, inlen); - } - - /* eliminate private key if public */ - if (key->type == PK_PUBLIC) { - mp_clear(&key->x); - } - - return CRYPT_OK; -error: - mp_clear_multi(&key->y, &key->x, NULL); - return err; -} - -/** - Create a DH shared secret. - @param private_key The private DH key in the pair - @param public_key The public DH key in the pair - @param out [out] The destination of the shared data - @param outlen [in/out] The max size and resulting size of the shared data. - @return CRYPT_OK if successful -*/ -int dh_shared_secret(dh_key *private_key, dh_key *public_key, - unsigned char *out, unsigned long *outlen) -{ - mp_int tmp, p; - unsigned long x; - int err; - - LTC_ARGCHK(private_key != NULL); - LTC_ARGCHK(public_key != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* types valid? */ - if (private_key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* same idx? */ - if (private_key->idx != public_key->idx) { - return CRYPT_PK_TYPE_MISMATCH; - } - - /* compute y^x mod p */ - if ((err = mp_init_multi(&tmp, &p, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - if ((err = mp_read_radix(&p, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; } - if ((err = mp_exptmod(&public_key->y, &private_key->x, &p, &tmp)) != MP_OKAY) { goto error; } - - /* enough space for output? */ - x = (unsigned long)mp_unsigned_bin_size(&tmp); - if (*outlen < x) { - err = CRYPT_BUFFER_OVERFLOW; - goto done; - } - if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) { goto error; } - *outlen = x; - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&p, &tmp, NULL); - return err; -} - -#include "dh_sys.c" - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ diff --git a/libtomcrypt/src/pk/dh/dh_sys.c b/libtomcrypt/src/pk/dh/dh_sys.c deleted file mode 100644 index 4f10556..0000000 --- a/libtomcrypt/src/pk/dh/dh_sys.c +++ /dev/null @@ -1,499 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ - -/** - @file dh_sys.c - DH Crypto, Tom St Denis -*/ - -/** - Encrypt a short symmetric key with a public DH key - @param in The symmetric key to encrypt - @param inlen The length of the key (octets) - @param out [out] The ciphertext - @param outlen [in/out] The max size and resulting size of the ciphertext - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param hash The index of the hash desired (must produce a digest of size >= the size of the plaintext) - @param key The public key you wish to encrypt with. - @return CRYPT_OK if successful -*/ -int dh_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - dh_key *key) -{ - unsigned char *pub_expt, *dh_shared, *skey; - dh_key pubkey; - unsigned long x, y, z, hashsize, pubkeysize; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* check that wprng/hash are not invalid */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - if (inlen > hash_descriptor[hash].hashsize) { - return CRYPT_INVALID_HASH; - } - - /* allocate memory */ - pub_expt = XMALLOC(DH_BUF_SIZE); - dh_shared = XMALLOC(DH_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (pub_expt == NULL || dh_shared == NULL || skey == NULL) { - if (pub_expt != NULL) { - XFREE(pub_expt); - } - if (dh_shared != NULL) { - XFREE(dh_shared); - } - if (skey != NULL) { - XFREE(skey); - } - return CRYPT_MEM; - } - - /* make a random key and export the public copy */ - if ((err = dh_make_key(prng, wprng, dh_get_size(key), &pubkey)) != CRYPT_OK) { - goto LBL_ERR; - } - - pubkeysize = DH_BUF_SIZE; - if ((err = dh_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { - dh_free(&pubkey); - goto LBL_ERR; - } - - /* now check if the out buffer is big enough */ - if (*outlen < (1 + 4 + 4 + PACKET_SIZE + pubkeysize + inlen)) { - dh_free(&pubkey); - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* make random key */ - hashsize = hash_descriptor[hash].hashsize; - - x = DH_BUF_SIZE; - if ((err = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) { - dh_free(&pubkey); - goto LBL_ERR; - } - dh_free(&pubkey); - - z = MAXBLOCKSIZE; - if ((err = hash_memory(hash, dh_shared, x, skey, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* store header */ - packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_ENC_KEY); - - /* output header */ - y = PACKET_SIZE; - - /* size of hash name and the name itself */ - out[y++] = hash_descriptor[hash].ID; - - /* length of DH pubkey and the key itself */ - STORE32L(pubkeysize, out+y); - y += 4; - for (x = 0; x < pubkeysize; x++, y++) { - out[y] = pub_expt[x]; - } - - /* Store the encrypted key */ - STORE32L(inlen, out+y); - y += 4; - - for (x = 0; x < inlen; x++, y++) { - out[y] = skey[x] ^ in[x]; - } - *outlen = y; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - /* clean up */ - zeromem(pub_expt, DH_BUF_SIZE); - zeromem(dh_shared, DH_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - XFREE(skey); - XFREE(dh_shared); - XFREE(pub_expt); - - return err; -} - -/** - Decrypt a DH encrypted symmetric key - @param in The DH encrypted packet - @param inlen The length of the DH encrypted packet - @param out The plaintext - @param outlen [in/out] The max size and resulting size of the plaintext - @param key The private DH key corresponding to the public key that encrypted the plaintext - @return CRYPT_OK if successful -*/ -int dh_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dh_key *key) -{ - unsigned char *shared_secret, *skey; - unsigned long x, y, z, hashsize, keysize; - int hash, err; - dh_key pubkey; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* right key type? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* allocate ram */ - shared_secret = XMALLOC(DH_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (shared_secret == NULL || skey == NULL) { - if (shared_secret != NULL) { - XFREE(shared_secret); - } - if (skey != NULL) { - XFREE(skey); - } - return CRYPT_MEM; - } - - /* check if initial header should fit */ - if (inlen < PACKET_SIZE+1+4+4) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } else { - inlen -= PACKET_SIZE+1+4+4; - } - - /* is header correct? */ - if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* now lets get the hash name */ - y = PACKET_SIZE; - hash = find_hash_id(in[y++]); - if (hash == -1) { - err = CRYPT_INVALID_HASH; - goto LBL_ERR; - } - - /* common values */ - hashsize = hash_descriptor[hash].hashsize; - - /* get public key */ - LOAD32L(x, in+y); - - /* now check if the imported key will fit */ - if (inlen < x) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } else { - inlen -= x; - } - - y += 4; - if ((err = dh_import(in+y, x, &pubkey)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - - /* make shared key */ - x = DH_BUF_SIZE; - if ((err = dh_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) { - dh_free(&pubkey); - goto LBL_ERR; - } - dh_free(&pubkey); - - z = MAXBLOCKSIZE; - if ((err = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* load in the encrypted key */ - LOAD32L(keysize, in+y); - - /* will the out fit as part of the input */ - if (inlen < keysize) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } else { - inlen -= keysize; - } - - if (keysize > *outlen) { - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - y += 4; - - *outlen = keysize; - - for (x = 0; x < keysize; x++, y++) { - out[x] = skey[x] ^ in[y]; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(shared_secret, DH_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(skey); - XFREE(shared_secret); - - return err; -} - -/* perform an ElGamal Signature of a hash - * - * The math works as follows. x is the private key, M is the message to sign - - 1. pick a random k - 2. compute a = g^k mod p - 3. compute b = (M - xa)/k mod p - 4. Send (a,b) - - Now to verify with y=g^x mod p, a and b - - 1. compute y^a * a^b = g^(xa) * g^(k*(M-xa)/k) - = g^(xa + (M - xa)) - = g^M [all mod p] - - 2. Compare against g^M mod p [based on input hash]. - 3. If result of #2 == result of #1 then signature valid -*/ - -/** - Sign a message digest using a DH private key - @param in The data to sign - @param inlen The length of the input (octets) - @param out [out] The destination of the signature - @param outlen [in/out] The max size and resulting size of the output - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key A private DH key - @return CRYPT_OK if successful -*/ -int dh_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, dh_key *key) -{ - mp_int a, b, k, m, g, p, p1, tmp; - unsigned char *buf; - unsigned long x, y; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* check parameters */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* is the IDX valid ? */ - if (is_valid_idx(key->idx) != 1) { - return CRYPT_PK_INVALID_TYPE; - } - - /* allocate ram for buf */ - buf = XMALLOC(520); - - /* make up a random value k, - * since the order of the group is prime - * we need not check if gcd(k, r) is 1 - */ - if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) != - (unsigned long)(sets[key->idx].size)) { - err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; - } - - /* init bignums */ - if ((err = mp_init_multi(&a, &b, &k, &m, &p, &g, &p1, &tmp, NULL)) != MP_OKAY) { - err = mpi_to_ltc_error(err); - goto LBL_ERR; - } - - /* load k and m */ - if ((err = mp_read_unsigned_bin(&m, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; } - if ((err = mp_read_unsigned_bin(&k, buf, sets[key->idx].size)) != MP_OKAY) { goto error; } - - /* load g, p and p1 */ - if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } - if ((err = mp_sub_d(&p, 1, &p1)) != MP_OKAY) { goto error; } - if ((err = mp_div_2(&p1, &p1)) != MP_OKAY) { goto error; } /* p1 = (p-1)/2 */ - - /* now get a = g^k mod p */ - if ((err = mp_exptmod(&g, &k, &p, &a)) != MP_OKAY) { goto error; } - - /* now find M = xa + kb mod p1 or just b = (M - xa)/k mod p1 */ - if ((err = mp_invmod(&k, &p1, &k)) != MP_OKAY) { goto error; } /* k = 1/k mod p1 */ - if ((err = mp_mulmod(&a, &key->x, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = xa */ - if ((err = mp_submod(&m, &tmp, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = M - xa */ - if ((err = mp_mulmod(&k, &tmp, &p1, &b)) != MP_OKAY) { goto error; } /* b = (M - xa)/k */ - - /* check for overflow */ - if ((unsigned long)(PACKET_SIZE + 4 + 4 + mp_unsigned_bin_size(&a) + mp_unsigned_bin_size(&b)) > *outlen) { - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* store header */ - y = PACKET_SIZE; - - /* now store them both (a,b) */ - x = (unsigned long)mp_unsigned_bin_size(&a); - STORE32L(x, out+y); y += 4; - if ((err = mp_to_unsigned_bin(&a, out+y)) != MP_OKAY) { goto error; } - y += x; - - x = (unsigned long)mp_unsigned_bin_size(&b); - STORE32L(x, out+y); y += 4; - if ((err = mp_to_unsigned_bin(&b, out+y)) != MP_OKAY) { goto error; } - y += x; - - /* check if size too big */ - if (*outlen < y) { - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* store header */ - packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_SIGNED); - *outlen = y; - - err = CRYPT_OK; - goto LBL_ERR; -error: - err = mpi_to_ltc_error(err); -LBL_ERR: - mp_clear_multi(&tmp, &p1, &g, &p, &m, &k, &b, &a, NULL); - - XFREE(buf); - - return err; -} - - -/** - Verify the signature given - @param sig The signature - @param siglen The length of the signature (octets) - @param hash The hash that was signed - @param hashlen The length of the hash (octets) - @param stat [out] Result of signature comparison, 1==valid, 0==invalid - @param key The public DH key that signed the hash - @return CRYPT_OK if succsessful (even if signature is invalid) -*/ -int dh_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dh_key *key) -{ - mp_int a, b, p, g, m, tmp; - unsigned long x, y; - int err; - - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid */ - *stat = 0; - - /* check initial input length */ - if (siglen < PACKET_SIZE+4+4) { - return CRYPT_INVALID_PACKET; - } - - /* header ok? */ - if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) { - return err; - } - - /* get hash out of packet */ - y = PACKET_SIZE; - - /* init all bignums */ - if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - /* load a and b */ - INPUT_BIGNUM(&a, sig, x, y, siglen); - INPUT_BIGNUM(&b, sig, x, y, siglen); - - /* load p and g */ - if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error1; } - if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error1; } - - /* load m */ - if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error1; } - - /* find g^m mod p */ - if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error1; } /* m = g^m mod p */ - - /* find y^a * a^b */ - if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error1; } /* tmp = y^a mod p */ - if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error1; } /* a = a^b mod p */ - if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error1; } /* a = y^a * a^b mod p */ - - /* y^a * a^b == g^m ??? */ - if (mp_cmp(&a, &m) == 0) { - *stat = 1; - } - - /* clean up */ - err = CRYPT_OK; - goto done; -error1: - err = mpi_to_ltc_error(err); -error: -done: - mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL); - return err; -} - - -/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh_sys.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c b/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c new file mode 100644 index 0000000..5cbedc6 --- /dev/null +++ b/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c @@ -0,0 +1,139 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file dsa_decrypt_key.c + DSA Crypto, Tom St Denis +*/ + +#ifdef MDSA + +/** + Decrypt an DSA encrypted key + @param in The ciphertext + @param inlen The length of the ciphertext (octets) + @param out [out] The plaintext + @param outlen [in/out] The max size and resulting size of the plaintext + @param key The corresponding private DSA key + @return CRYPT_OK if successful +*/ +int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + dsa_key *key) +{ + unsigned char *skey, *expt; + void *g_pub; + unsigned long x, y, hashOID[32]; + int hash, err; + ltc_asn1_list decode[3]; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* right key type? */ + if (key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* decode to find out hash */ + LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); + + if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { + return err; + } + + hash = find_hash_oid(hashOID, decode[0].size); + if (hash_is_valid(hash) != CRYPT_OK) { + return CRYPT_INVALID_PACKET; + } + + /* we now have the hash! */ + + if ((err = mp_init(&g_pub)) != CRYPT_OK) { + return err; + } + + /* allocate memory */ + expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1); + skey = XMALLOC(MAXBLOCKSIZE); + if (expt == NULL || skey == NULL) { + if (expt != NULL) { + XFREE(expt); + } + if (skey != NULL) { + XFREE(skey); + } + mp_clear(g_pub); + return CRYPT_MEM; + } + + LTC_SET_ASN1(decode, 1, LTC_ASN1_INTEGER, g_pub, 1UL); + LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); + + /* read the structure in now */ + if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* make shared key */ + x = mp_unsigned_bin_size(key->p) + 1; + if ((err = dsa_shared_secret(key->x, g_pub, key, expt, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + + y = MIN(mp_unsigned_bin_size(key->p) + 1, MAXBLOCKSIZE); + if ((err = hash_memory(hash, expt, x, expt, &y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* ensure the hash of the shared secret is at least as big as the encrypt itself */ + if (decode[2].size > y) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* avoid buffer overflow */ + if (*outlen < decode[2].size) { + *outlen = decode[2].size; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* Decrypt the key */ + for (x = 0; x < decode[2].size; x++) { + out[x] = expt[x] ^ skey[x]; + } + *outlen = x; + + err = CRYPT_OK; +LBL_ERR: +#ifdef LTC_CLEAN_STACK + zeromem(expt, mp_unsigned_bin_size(key->p) + 1); + zeromem(skey, MAXBLOCKSIZE); +#endif + + XFREE(expt); + XFREE(skey); + + mp_clear(g_pub); + + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c,v $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ + diff --git a/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c new file mode 100644 index 0000000..cefa4de --- /dev/null +++ b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c @@ -0,0 +1,135 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file dsa_encrypt_key.c + DSA Crypto, Tom St Denis +*/ + +#ifdef MDSA + +/** + Encrypt a symmetric key with DSA + @param in The symmetric key you want to encrypt + @param inlen The length of the key to encrypt (octets) + @param out [out] The destination for the ciphertext + @param outlen [in/out] The max size and resulting size of the ciphertext + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param hash The index of the hash you want to use + @param key The DSA key you want to encrypt to + @return CRYPT_OK if successful +*/ +int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, int hash, + dsa_key *key) +{ + unsigned char *expt, *skey; + void *g_pub, *g_priv; + unsigned long x, y; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* check that wprng/cipher/hash are not invalid */ + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; + } + + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + if (inlen > hash_descriptor[hash].hashsize) { + return CRYPT_INVALID_HASH; + } + + /* make a random key and export the public copy */ + if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) { + return err; + } + + expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1); + skey = XMALLOC(MAXBLOCKSIZE); + if (expt == NULL || skey == NULL) { + if (expt != NULL) { + XFREE(expt); + } + if (skey != NULL) { + XFREE(skey); + } + mp_clear_multi(g_pub, g_priv, NULL); + return CRYPT_MEM; + } + + /* make a random x, g^x pair */ + x = mp_unsigned_bin_size(key->q); + if (prng_descriptor[wprng].read(expt, x, prng) != x) { + err = CRYPT_ERROR_READPRNG; + goto LBL_ERR; + } + + /* load x */ + if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* compute y */ + if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* make random key */ + x = mp_unsigned_bin_size(key->p) + 1; + if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + + y = MAXBLOCKSIZE; + if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* Encrypt key */ + for (x = 0; x < inlen; x++) { + skey[x] ^= in[x]; + } + + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID, + LTC_ASN1_INTEGER, 1UL, g_pub, + LTC_ASN1_OCTET_STRING, inlen, skey, + LTC_ASN1_EOL, 0UL, NULL); + +LBL_ERR: +#ifdef LTC_CLEAN_STACK + /* clean up */ + zeromem(expt, mp_unsigned_bin_size(key->p) + 1); + zeromem(skey, MAXBLOCKSIZE); +#endif + + XFREE(skey); + XFREE(expt); + + mp_clear_multi(g_pub, g_priv, NULL); + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c,v $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ + diff --git a/libtomcrypt/src/pk/dsa/dsa_export.c b/libtomcrypt/src/pk/dsa/dsa_export.c index 5a093d9..d882779 100644 --- a/libtomcrypt/src/pk/dsa/dsa_export.c +++ b/libtomcrypt/src/pk/dsa/dsa_export.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -47,19 +47,19 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key if (type == PK_PRIVATE) { return der_encode_sequence_multi(out, outlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->y, + LTC_ASN1_INTEGER, 1UL, key->x, LTC_ASN1_EOL, 0UL, NULL); } else { return der_encode_sequence_multi(out, outlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->y, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->y, LTC_ASN1_EOL, 0UL, NULL); } } @@ -68,5 +68,5 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_export.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2005/06/03 19:24:31 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_free.c b/libtomcrypt/src/pk/dsa/dsa_free.c index 9157acb..92a1eb7 100644 --- a/libtomcrypt/src/pk/dsa/dsa_free.c +++ b/libtomcrypt/src/pk/dsa/dsa_free.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -23,12 +23,12 @@ */ void dsa_free(dsa_key *key) { - LTC_ARGCHK(key != NULL); - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL); } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_free.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/06/09 01:38:13 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_import.c b/libtomcrypt/src/pk/dsa/dsa_import.c index e81bac8..bb2272a 100644 --- a/libtomcrypt/src/pk/dsa/dsa_import.c +++ b/libtomcrypt/src/pk/dsa/dsa_import.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -31,9 +31,10 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != MP_OKAY) { + if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) { return CRYPT_MEM; } @@ -47,11 +48,11 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) if (flags[0] == 1) { if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->y, + LTC_ASN1_INTEGER, 1UL, key->x, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } @@ -59,31 +60,31 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) } else { if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->y, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->y, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } key->type = PK_PUBLIC; } - key->qord = mp_unsigned_bin_size(&key->q); + key->qord = mp_unsigned_bin_size(key->q); if (key->qord >= MDSA_MAX_GROUP || key->qord <= 15 || - key->qord >= mp_unsigned_bin_size(&key->p) || (mp_unsigned_bin_size(&key->p) - key->qord) >= MDSA_DELTA) { + (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= MDSA_DELTA) { err = CRYPT_INVALID_PACKET; goto error; } return CRYPT_OK; error: - mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + mp_clear_multi(key->p, key->g, key->q, key->x, key->y, NULL); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_import.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2005/06/08 23:31:17 $ */ +/* $Revision: 1.12 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_make_key.c b/libtomcrypt/src/pk/dsa/dsa_make_key.c index 02f69e0..293e814 100644 --- a/libtomcrypt/src/pk/dsa/dsa_make_key.c +++ b/libtomcrypt/src/pk/dsa/dsa_make_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -28,11 +28,12 @@ */ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { - mp_int tmp, tmp2; + void *tmp, *tmp2; int err, res; unsigned char *buf; LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); /* check prng */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { @@ -52,21 +53,21 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, } /* init mp_ints */ - if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) { - err = mpi_to_ltc_error(err); - goto LBL_ERR; + if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { + XFREE(buf); + return err; } /* make our prime q */ - if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; } /* double q */ - if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; } /* now make a random string and multply it against q */ if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) { err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; + goto error; } /* force magnitude */ @@ -75,30 +76,30 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, /* force even */ buf[modulus_size - group_size - 1] &= ~1; - if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != MP_OKAY) { goto error; } - if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; } - if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; } + if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; } + if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; } + if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; } /* now loop until p is prime */ for (;;) { - if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto LBL_ERR; } - if (res == MP_YES) break; + if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; } + if (res == LTC_MP_YES) break; /* add 2q to p and 2 to tmp2 */ - if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; } - if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; } + if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; } + if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; } } /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ - mp_set(&key->g, 1); + mp_set(key->g, 1); do { - if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; } - if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; } - } while (mp_cmp_d(&tmp, 1) == MP_EQ); + if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; } + if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; } + } while (mp_cmp_d(tmp, 1) == LTC_MP_EQ); /* at this point tmp generates a group of order q mod p */ - mp_exch(&tmp, &key->g); + mp_exch(tmp, key->g); /* so now we have our DH structure, generator g, order q, modulus p Now we need a random exponent [mod q] and it's power g^x mod p @@ -106,22 +107,15 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, do { if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) { err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; + goto error; } - if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; } - } while (mp_cmp_d(&key->x, 1) != MP_GT); - if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; } - + if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; } + } while (mp_cmp_d(key->x, 1) != LTC_MP_GT); + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; } + key->type = PK_PRIVATE; key->qord = group_size; - /* shrink the ram required */ - if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; } - #ifdef LTC_CLEAN_STACK zeromem(buf, MDSA_DELTA); #endif @@ -129,12 +123,9 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, err = CRYPT_OK; goto done; error: - err = mpi_to_ltc_error(err); -LBL_ERR: - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL); done: - mp_clear_multi(&tmp, &tmp2, NULL); - + mp_clear_multi(tmp, tmp2, NULL); XFREE(buf); return err; } @@ -142,5 +133,5 @@ done: #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_make_key.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/06/11 05:45:35 $ */ +/* $Revision: 1.10 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_shared_secret.c b/libtomcrypt/src/pk/dsa/dsa_shared_secret.c new file mode 100644 index 0000000..570d637 --- /dev/null +++ b/libtomcrypt/src/pk/dsa/dsa_shared_secret.c @@ -0,0 +1,72 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file dsa_shared_secret.c + DSA Crypto, Tom St Denis +*/ + +#ifdef MDSA + +/** + Create a DSA shared secret between two keys + @param private_key The private DSA key (the exponent) + @param base The base of the exponentiation (allows this to be used for both encrypt and decrypt) + @param public_key The public key + @param out [out] Destination of the shared secret + @param outlen [in/out] The max size and resulting size of the shared secret + @return CRYPT_OK if successful +*/ +int dsa_shared_secret(void *private_key, void *base, + dsa_key *public_key, + unsigned char *out, unsigned long *outlen) +{ + unsigned long x; + void *res; + int err; + + LTC_ARGCHK(private_key != NULL); + LTC_ARGCHK(public_key != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* make new point */ + if ((err = mp_init(&res)) != CRYPT_OK) { + return err; + } + + if ((err = mp_exptmod(base, private_key, public_key->p, res)) != CRYPT_OK) { + mp_clear(res); + return err; + } + + x = (unsigned long)mp_unsigned_bin_size(res); + if (*outlen < x) { + *outlen = x; + err = CRYPT_BUFFER_OVERFLOW; + goto done; + } + zeromem(out, x); + if ((err = mp_to_unsigned_bin(res, out + (x - mp_unsigned_bin_size(res)))) != CRYPT_OK) { goto done; } + + err = CRYPT_OK; + *outlen = x; +done: + mp_clear(res); + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_shared_secret.c,v $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ + diff --git a/libtomcrypt/src/pk/dsa/dsa_sign_hash.c b/libtomcrypt/src/pk/dsa/dsa_sign_hash.c index 48d29a2..f84dd28 100644 --- a/libtomcrypt/src/pk/dsa/dsa_sign_hash.c +++ b/libtomcrypt/src/pk/dsa/dsa_sign_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -29,10 +29,10 @@ @return CRYPT_OK if successful */ int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - mp_int *r, mp_int *s, + void *r, void *s, prng_state *prng, int wprng, dsa_key *key) { - mp_int k, kinv, tmp; + void *k, *kinv, *tmp; unsigned char *buf; int err; @@ -59,7 +59,7 @@ int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, } /* Init our temps */ - if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; } + if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } retry: @@ -67,43 +67,40 @@ retry: /* gen random k */ if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) { err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; + goto error; } /* read k */ - if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; } + if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK) { goto error; } /* k > 1 ? */ - if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; } + if (mp_cmp_d(k, 1) != LTC_MP_GT) { goto retry; } /* test gcd */ - if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; } - } while (mp_cmp_d(&tmp, 1) != MP_EQ); + if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; } + } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ); /* now find 1/k mod q */ - if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; } + if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; } /* now find r = g^k mod p mod q */ - if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; } - if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; } + if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; } - if (mp_iszero(r) == MP_YES) { goto retry; } + if (mp_iszero(r) == LTC_MP_YES) { goto retry; } /* now find s = (in + xr)/k mod q */ - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; } - if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; } - if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; } + if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } + if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; } + if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; } + if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; } - if (mp_iszero(s) == MP_YES) { goto retry; } + if (mp_iszero(s) == LTC_MP_YES) { goto retry; } err = CRYPT_OK; - goto LBL_ERR; - error: - err = mpi_to_ltc_error(err); -LBL_ERR: - mp_clear_multi(&k, &kinv, &tmp, NULL); + mp_clear_multi(k, kinv, tmp, NULL); +ERRBUF: #ifdef LTC_CLEAN_STACK zeromem(buf, MDSA_MAX_GROUP); #endif @@ -126,7 +123,7 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, dsa_key *key) { - mp_int r, s; + void *r, *s; int err; LTC_ARGCHK(in != NULL); @@ -134,26 +131,26 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen, LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); - if (mp_init_multi(&r, &s, NULL) != MP_OKAY) { + if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { return CRYPT_MEM; } - if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, prng, wprng, key)) != CRYPT_OK) { - goto LBL_ERR; + if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) { + goto error; } err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, LTC_ASN1_EOL, 0UL, NULL); -LBL_ERR: - mp_clear_multi(&r, &s, NULL); +error: + mp_clear_multi(r, s, NULL); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2005/05/15 21:48:59 $ */ +/* $Revision: 1.12 $ */ +/* $Date: 2006/12/04 22:27:56 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_verify_hash.c b/libtomcrypt/src/pk/dsa/dsa_verify_hash.c index 11e5c33..0e8ff22 100644 --- a/libtomcrypt/src/pk/dsa/dsa_verify_hash.c +++ b/libtomcrypt/src/pk/dsa/dsa_verify_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -28,11 +28,11 @@ @param key The corresponding public DH key @return CRYPT_OK if successful (even if the signature is invalid) */ -int dsa_verify_hash_raw( mp_int *r, mp_int *s, +int dsa_verify_hash_raw( void *r, void *s, const unsigned char *hash, unsigned long hashlen, int *stat, dsa_key *key) { - mp_int w, v, u1, u2; + void *w, *v, *u1, *u2; int err; LTC_ARGCHK(r != NULL); @@ -44,42 +44,40 @@ int dsa_verify_hash_raw( mp_int *r, mp_int *s, *stat = 0; /* init our variables */ - if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); + if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { + return err; } /* neither r or s can be null or >q*/ - if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) { + if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) { err = CRYPT_INVALID_PACKET; - goto done; + goto error; } /* w = 1/s mod q */ - if ((err = mp_invmod(s, &key->q, &w)) != MP_OKAY) { goto error; } + if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; } /* u1 = m * w mod q */ - if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; } + if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } + if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; } /* u2 = r*w mod q */ - if ((err = mp_mulmod(r, &w, &key->q, &u2)) != MP_OKAY) { goto error; } + if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; } /* v = g^u1 * y^u2 mod p mod q */ - if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; } - if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; } - if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; } + if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; } + if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; } + if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; } /* if r = v then we're set */ - if (mp_cmp(r, &v) == MP_EQ) { + if (mp_cmp(r, v) == LTC_MP_EQ) { *stat = 1; } err = CRYPT_OK; - goto done; - -error : err = mpi_to_ltc_error(err); -done : mp_clear_multi(&w, &v, &u1, &u2, NULL); +error: + mp_clear_multi(w, v, u1, u2, NULL); return err; } @@ -98,7 +96,7 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, int *stat, dsa_key *key) { int err; - mp_int r, s; + void *r, *s; if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { return CRYPT_MEM; @@ -106,17 +104,17 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, /* decode the sequence */ if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } /* do the op */ - err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key); + err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key); LBL_ERR: - mp_clear_multi(&r, &s, NULL); + mp_clear_multi(r, s, NULL); return err; } @@ -124,5 +122,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */ -/* $Revision: 1.8 $ */ -/* $Date: 2005/05/15 21:48:59 $ */ +/* $Revision: 1.13 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ diff --git a/libtomcrypt/src/pk/dsa/dsa_verify_key.c b/libtomcrypt/src/pk/dsa/dsa_verify_key.c index b7be103..27054d6 100644 --- a/libtomcrypt/src/pk/dsa/dsa_verify_key.c +++ b/libtomcrypt/src/pk/dsa/dsa_verify_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -25,7 +25,7 @@ */ int dsa_verify_key(dsa_key *key, int *stat) { - mp_int tmp, tmp2; + void *tmp, *tmp2; int res, err; LTC_ARGCHK(key != NULL); @@ -35,15 +35,14 @@ int dsa_verify_key(dsa_key *key, int *stat) *stat = 0; /* first make sure key->q and key->p are prime */ - if ((err = is_prime(&key->q, &res)) != CRYPT_OK) { + if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) { return err; } if (res == 0) { return CRYPT_OK; } - - if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { + if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { return err; } if (res == 0) { @@ -51,52 +50,51 @@ int dsa_verify_key(dsa_key *key, int *stat) } /* now make sure that g is not -1, 0 or 1 and <p */ - if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) { + if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) { return CRYPT_OK; } - if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; } - if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; } - if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) { + if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } + if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; } + if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) { err = CRYPT_OK; - goto done; + goto error; } /* 1 < y < p-1 */ - if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) { + if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) { err = CRYPT_OK; - goto done; + goto error; } /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ - if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; } - if (mp_iszero(&tmp2) != MP_YES) { + if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; } + if (mp_iszero(tmp2) != LTC_MP_YES) { err = CRYPT_OK; - goto done; + goto error; } - if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&tmp, 1) != MP_EQ) { + if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } + if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { err = CRYPT_OK; - goto done; + goto error; } /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ - if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&tmp, 1) != MP_EQ) { + if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } + if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { err = CRYPT_OK; - goto done; + goto error; } /* at this point we are out of tests ;-( */ err = CRYPT_OK; *stat = 1; - goto done; -error: err = mpi_to_ltc_error(err); -done : mp_clear_multi(&tmp, &tmp2, NULL); +error: + mp_clear_multi(tmp, tmp2, NULL); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_key.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/12/04 03:18:43 $ */ diff --git a/libtomcrypt/src/pk/ecc/ecc.c b/libtomcrypt/src/pk/ecc/ecc.c index 469d56d..90bbed4 100644 --- a/libtomcrypt/src/pk/ecc/ecc.c +++ b/libtomcrypt/src/pk/ecc/ecc.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -23,125 +23,94 @@ #ifdef MECC -/* size of our temp buffers for exported keys */ -#define ECC_BUF_SIZE 256 - -/* max private key size */ -#define ECC_MAXSIZE 66 - /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ -static const struct { - int size; - char *name, *prime, *B, *order, *Gx, *Gy; -} sets[] = { +const ltc_ecc_set_type ltc_ecc_sets[] = { +#ifdef ECC112 +{ + 14, + "SECP112R1", + "DB7C2ABF62E35E668076BEAD208B", + "659EF8BA043916EEDE8911702B22", + "DB7C2ABF62E35E7628DFAC6561C5", + "09487239995A5EE76B55F9C2F098", + "A89CE5AF8724C0A23E0E0FF77500" +}, +#endif +#ifdef ECC128 +{ + 16, + "SECP128R1", + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "E87579C11079F43DD824993C2CEE5ED3", + "FFFFFFFE0000000075A30D1B9038A115", + "161FF7528B899B2D0C28607CA52C5B86", + "CF5AC8395BAFEB13C02DA292DDED7A83", +}, +#endif +#ifdef ECC160 +{ + 20, + "SECP160R1", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", + "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", + "0100000000000000000001F4C8F927AED3CA752257", + "4A96B5688EF573284664698968C38BB913CBFC82", + "23A628553168947D59DCC912042351377AC5FB32", +}, +#endif #ifdef ECC192 { - 24, - "ECC-192", - /* prime */ - "/////////////////////l//////////", - - /* B */ - "P2456UMSWESFf+chSYGmIVwutkp1Hhcn", - - /* order */ - "////////////////cTxuDXHhoR6qqYWn", - - /* Gx */ - "68se3h0maFPylo3hGw680FJ/2ls2/n0I", - - /* Gy */ - "1nahbV/8sdXZ417jQoJDrNFvTw4UUKWH" + 24, + "ECC-192", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", + "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", + "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", }, #endif #ifdef ECC224 { - 28, - "ECC-224", - - /* prime */ - "3/////////////////////0000000000000001", - - /* B */ - "2q1Gg530Ipg/L1CbPGHB2trx/OkYSBEKCZLV+q", - - /* order */ - "3//////////////////nQYuBZmFXFTAKLSN2ez", - - /* Gx */ - "2t3WozQxI/Vp8JaBbA0y7JLi8H8ZGoWDOHN1qX", - - - /* Gy */ - "2zDsE8jVSZ+qmYt+RDGtMWMWT7P4JLWPc507uq", + 28, + "ECC-224", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", }, #endif #ifdef ECC256 { - 32, - "ECC-256", - /* Prime */ - "F////y000010000000000000000////////////////", - - /* B */ - "5h6DTYgEfFdi+kzLNQOXhnb7GQmp5EmzZlEF3udqc1B", - - /* Order */ - "F////y00000//////////+yvlgjfnUUXFEvoiByOoLH", - - /* Gx */ - "6iNqVBXB497+BpcvMEaGF9t0ts1BUipeFIXEKNOcCAM", - - /* Gy */ - "4/ZGkB+6d+RZkVhIdmFdXOhpZDNQp5UpiksG6Wtlr7r" + 32, + "ECC-256", + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", }, #endif #ifdef ECC384 { - 48, - "ECC-384", - /* prime */ - "//////////////////////////////////////////x/////00000000003/" - "////", - - /* B */ - "ip4lf+8+v+IOZWLhu/Wj6HWTd6x+WK4I0nG8Zr0JXrh6LZcDYYxHdIg5oEtJ" - "x2hl", - - /* Order */ - "////////////////////////////////nsDDWVGtBTzO6WsoIB2dUkpi6MhC" - "nIbp", - - /* Gx and Gy */ - "geVA8hwB1JUEiSSUyo2jT6uTEsABfvkOMVT1u89KAZXL0l9TlrKfR3fKNZXo" - "TWgt", - - "DXVUIfOcB6zTdfY/afBSAVZq7RqecXHywTen4xNmkC0AOB7E7Nw1dNf37NoG" - "wWvV" + 48, + "ECC-384", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", }, #endif #ifdef ECC521 { - 65, - "ECC-521", - /* prime */ - "V///////////////////////////////////////////////////////////" - "///////////////////////////", - - /* B */ - "56LFhbXZXoQ7vAQ8Q2sXK3kejfoMvcp5VEuj8cHZl49uLOPEL7iVfDx5bB0l" - "JknlmSrSz+8FImqyUz57zHhK3y0", - - /* Order */ - "V//////////////////////////////////////////+b66XuE/BvPhVym1I" - "FS9fT0xjScuYPn7hhjljnwHE6G9", - - /* Gx and Gy */ - "CQ5ZWQt10JfpPu+osOZbRH2d6I1EGK/jI7uAAzWQqqzkg5BNdVlvrae/Xt19" - "wB/gDupIBF1XMf2c/b+VZ72vRrc", - - "HWvAMfucZl015oANxGiVHlPcFL4ILURH6WNhxqN9pvcB9VkSfbUz2P0nL2v0" - "J+j1s4rF726edB2G8Y+b7QVqMPG", + 66, + "ECC-521", + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", }, #endif { @@ -150,887 +119,9 @@ static const struct { } }; -static int is_valid_idx(int n) -{ - int x; - - for (x = 0; sets[x].size != 0; x++); - if ((n < 0) || (n >= x)) { - return 0; - } - return 1; -} - -static ecc_point *new_point(void) -{ - ecc_point *p; - p = XMALLOC(sizeof(ecc_point)); - if (p == NULL) { - return NULL; - } - if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != MP_OKAY) { - XFREE(p); - return NULL; - } - return p; -} - -static void del_point(ecc_point *p) -{ - /* prevents free'ing null arguments */ - if (p != NULL) { - mp_clear_multi(&p->x, &p->y, &p->z, NULL); - XFREE(p); - } -} - -static int ecc_map(ecc_point *P, mp_int *modulus, mp_digit mp) -{ - mp_int t1, t2; - int err; - - if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* first map z back to normal */ - if ((err = mp_montgomery_reduce(&P->z, modulus, mp)) != MP_OKAY) { goto error; } - - /* get 1/z */ - if ((err = mp_invmod(&P->z, modulus, &t1)) != MP_OKAY) { goto error; } - - /* get 1/z^2 and 1/z^3 */ - if ((err = mp_sqr(&t1, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_mod(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_mul(&t1, &t2, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_mod(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - - /* multiply against x/y */ - if ((err = mp_mul(&P->x, &t2, &P->x)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&P->x, modulus, mp)) != MP_OKAY) { goto error; } - if ((err = mp_mul(&P->y, &t1, &P->y)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&P->y, modulus, mp)) != MP_OKAY) { goto error; } - mp_set(&P->z, 1); - - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&t1, &t2, NULL); - return err; - -} - -/* double a point R = 2P, R can be P*/ -static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_digit mp) -{ - mp_int t1, t2; - int err; - - if ((err = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - if ((err = mp_copy(&P->x, &R->x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&P->y, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&P->z, &R->z)) != MP_OKAY) { goto error; } - - /* t1 = Z * Z */ - if ((err = mp_sqr(&R->z, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* Z = Y * Z */ - if ((err = mp_mul(&R->z, &R->y, &R->z)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&R->z, modulus, mp)) != MP_OKAY) { goto error; } - /* Z = 2Z */ - if ((err = mp_mul_2(&R->z, &R->z)) != MP_OKAY) { goto error; } - if (mp_cmp(&R->z, modulus) != MP_LT) { - if ((err = mp_sub(&R->z, modulus, &R->z)) != MP_OKAY) { goto error; } - } - - /* T2 = X - T1 */ - if ((err = mp_sub(&R->x, &t1, &t2)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&t2, 0) == MP_LT) { - if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - /* T1 = X + T1 */ - if ((err = mp_add(&t1, &R->x, &t1)) != MP_OKAY) { goto error; } - if (mp_cmp(&t1, modulus) != MP_LT) { - if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - } - /* T2 = T1 * T2 */ - if ((err = mp_mul(&t1, &t2, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; } - /* T1 = 2T2 */ - if ((err = mp_mul_2(&t2, &t1)) != MP_OKAY) { goto error; } - if (mp_cmp(&t1, modulus) != MP_LT) { - if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - } - /* T1 = T1 + T2 */ - if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) { goto error; } - if (mp_cmp(&t1, modulus) != MP_LT) { - if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - } - - /* Y = 2Y */ - if ((err = mp_mul_2(&R->y, &R->y)) != MP_OKAY) { goto error; } - if (mp_cmp(&R->y, modulus) != MP_LT) { - if ((err = mp_sub(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } - } - /* Y = Y * Y */ - if ((err = mp_sqr(&R->y, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; } - /* T2 = Y * Y */ - if ((err = mp_sqr(&R->y, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; } - /* T2 = T2/2 */ - if (mp_isodd(&t2)) { - if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - if ((err = mp_div_2(&t2, &t2)) != MP_OKAY) { goto error; } - /* Y = Y * X */ - if ((err = mp_mul(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; } - - /* X = T1 * T1 */ - if ((err = mp_sqr(&t1, &R->x)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&R->x, modulus, mp)) != MP_OKAY) { goto error; } - /* X = X - Y */ - if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&R->x, 0) == MP_LT) { - if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; } - } - /* X = X - Y */ - if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&R->x, 0) == MP_LT) { - if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; } - } - - /* Y = Y - X */ - if ((err = mp_sub(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&R->y, 0) == MP_LT) { - if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } - } - /* Y = Y * T1 */ - if ((err = mp_mul(&R->y, &t1, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; } - /* Y = Y - T2 */ - if ((err = mp_sub(&R->y, &t2, &R->y)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&R->y, 0) == MP_LT) { - if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } - } - - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&t1, &t2, NULL); - return err; -} - -/* add two different points over Z/pZ, R = P + Q, note R can equal either P or Q */ -static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus, mp_digit mp) -{ - mp_int t1, t2, x, y, z; - int err; - - if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - if ((err = mp_copy(&P->x, &x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&P->y, &y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&P->z, &z)) != MP_OKAY) { goto error; } - - /* T1 = Z' * Z' */ - if ((err = mp_sqr(&Q->z, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* X = X * T1 */ - if ((err = mp_mul(&t1, &x, &x)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; } - /* T1 = Z' * T1 */ - if ((err = mp_mul(&Q->z, &t1, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* Y = Y * T1 */ - if ((err = mp_mul(&t1, &y, &y)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&y, modulus, mp)) != MP_OKAY) { goto error; } - - /* T1 = Z*Z */ - if ((err = mp_sqr(&z, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* T2 = X' * T1 */ - if ((err = mp_mul(&Q->x, &t1, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; } - /* T1 = Z * T1 */ - if ((err = mp_mul(&z, &t1, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* T1 = Y' * T1 */ - if ((err = mp_mul(&Q->y, &t1, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - - /* Y = Y - T1 */ - if ((err = mp_sub(&y, &t1, &y)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&y, 0) == MP_LT) { - if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } - } - /* T1 = 2T1 */ - if ((err = mp_mul_2(&t1, &t1)) != MP_OKAY) { goto error; } - if (mp_cmp(&t1, modulus) != MP_LT) { - if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - } - /* T1 = Y + T1 */ - if ((err = mp_add(&t1, &y, &t1)) != MP_OKAY) { goto error; } - if (mp_cmp(&t1, modulus) != MP_LT) { - if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } - } - /* X = X - T2 */ - if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&x, 0) == MP_LT) { - if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; } - } - /* T2 = 2T2 */ - if ((err = mp_mul_2(&t2, &t2)) != MP_OKAY) { goto error; } - if (mp_cmp(&t2, modulus) != MP_LT) { - if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - /* T2 = X + T2 */ - if ((err = mp_add(&t2, &x, &t2)) != MP_OKAY) { goto error; } - if (mp_cmp(&t2, modulus) != MP_LT) { - if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - - /* if Z' != 1 */ - if (mp_cmp_d(&Q->z, 1) != MP_EQ) { - /* Z = Z * Z' */ - if ((err = mp_mul(&z, &Q->z, &z)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; } - } - /* Z = Z * X */ - if ((err = mp_mul(&z, &x, &z)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; } - - /* T1 = T1 * X */ - if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - /* X = X * X */ - if ((err = mp_sqr(&x, &x)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; } - /* T2 = T2 * x */ - if ((err = mp_mul(&t2, &x, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; } - /* T1 = T1 * X */ - if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; } - - /* X = Y*Y */ - if ((err = mp_sqr(&y, &x)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; } - /* X = X - T2 */ - if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&x, 0) == MP_LT) { - if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; } - } - - /* T2 = T2 - X */ - if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&t2, 0) == MP_LT) { - if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - /* T2 = T2 - X */ - if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&t2, 0) == MP_LT) { - if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } - } - /* T2 = T2 * Y */ - if ((err = mp_mul(&t2, &y, &t2)) != MP_OKAY) { goto error; } - if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; } - /* Y = T2 - T1 */ - if ((err = mp_sub(&t2, &t1, &y)) != MP_OKAY) { goto error; } - if (mp_cmp_d(&y, 0) == MP_LT) { - if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } - } - /* Y = Y/2 */ - if (mp_isodd(&y)) { - if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } - } - if ((err = mp_div_2(&y, &y)) != MP_OKAY) { goto error; } - - if ((err = mp_copy(&x, &R->x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&y, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&z, &R->z)) != MP_OKAY) { goto error; } - - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&t1, &t2, &x, &y, &z, NULL); - return err; -} - -/* size of sliding window, don't change this! */ -#define WINSIZE 4 - -/* perform R = kG where k == integer and G == ecc_point */ -static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, int map) -{ - ecc_point *tG, *M[8]; - int i, j, err; - mp_int mu; - mp_digit buf, mp; - int first, bitbuf, bitcpy, bitcnt, mode, digidx; - - /* init montgomery reduction */ - if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { - return CRYPT_INVALID_ARG; - } - if ((err = mp_init(&mu)) != MP_OKAY) { - return CRYPT_MEM; - } - if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { - mp_clear(&mu); - return CRYPT_INVALID_ARG; - } - - /* alloc ram for window temps */ - for (i = 0; i < 8; i++) { - M[i] = new_point(); - if (M[i] == NULL) { - for (j = 0; j < i; j++) { - del_point(M[j]); - } - mp_clear(&mu); - return CRYPT_MEM; - } - } - - /* make a copy of G incase R==G */ - tG = new_point(); - if (tG == NULL) { err = CRYPT_MEM; goto done; } - - /* tG = G and convert to montgomery */ - if ((err = mp_mulmod(&G->x, &mu, modulus, &tG->x)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(&G->y, &mu, modulus, &tG->y)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(&G->z, &mu, modulus, &tG->z)) != MP_OKAY) { goto error; } - mp_clear(&mu); - - /* calc the M tab, which holds kG for k==8..15 */ - /* M[0] == 8G */ - if ((err = dbl_point(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } - - /* now find (8+k)G for k=1..7 */ - for (j = 9; j < 16; j++) { - if ((err = add_point(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* setup sliding window */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = k->used - 1; - bitcpy = bitbuf = 0; - first = 1; - - /* perform ops */ - for (;;) { - /* grab next digit as required */ - if (--bitcnt == 0) { - if (digidx == -1) { - break; - } - buf = k->dp[digidx--]; - bitcnt = (int) DIGIT_BIT; - } - - /* grab the next msb from the ltiplicand */ - i = (buf >> (DIGIT_BIT - 1)) & 1; - buf <<= 1; - - /* skip leading zero bits */ - if (mode == 0 && i == 0) { - continue; - } - - /* if the bit is zero and mode == 1 then we double */ - if (mode == 1 && i == 0) { - if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - continue; - } - - /* else we add it to the window */ - bitbuf |= (i << (WINSIZE - ++bitcpy)); - mode = 2; - - if (bitcpy == WINSIZE) { - /* if this is the first window we do a simple copy */ - if (first == 1) { - /* R = kG [k = first window] */ - if ((err = mp_copy(&M[bitbuf-8]->x, &R->x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&M[bitbuf-8]->y, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&M[bitbuf-8]->z, &R->z)) != MP_OKAY) { goto error; } - first = 0; - } else { - /* normal window */ - /* ok window is filled so double as required and add */ - /* double first */ - for (j = 0; j < WINSIZE; j++) { - if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */ - if ((err = add_point(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; } - } - /* empty window and reset */ - bitcpy = bitbuf = 0; - mode = 1; - } - } - - /* if bits remain then double/add */ - if (mode == 2 && bitcpy > 0) { - /* double then add */ - for (j = 0; j < bitcpy; j++) { - /* only double if we have had at least one add first */ - if (first == 0) { - if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - - bitbuf <<= 1; - if ((bitbuf & (1 << WINSIZE)) != 0) { - if (first == 1){ - /* first add, so copy */ - if ((err = mp_copy(&tG->x, &R->x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&tG->y, &R->y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&tG->z, &R->z)) != MP_OKAY) { goto error; } - first = 0; - } else { - /* then add */ - if ((err = add_point(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - } - } - } - - /* map R back from projective space */ - if (map) { - err = ecc_map(R, modulus, mp); - } else { - err = CRYPT_OK; - } - - goto done; -error: - err = mpi_to_ltc_error(err); -done: - del_point(tG); - for (i = 0; i < 8; i++) { - del_point(M[i]); - } - return err; -} - -#undef WINSIZE - -/** - Perform on the ECC system - @return CRYPT_OK if successful -*/ -int ecc_test(void) -{ - mp_int modulus, order; - ecc_point *G, *GG; - int i, err, primality; - - if ((err = mp_init_multi(&modulus, &order, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - - G = new_point(); - GG = new_point(); - if (G == NULL || GG == NULL) { - mp_clear_multi(&modulus, &order, NULL); - del_point(G); - del_point(GG); - return CRYPT_MEM; - } - - for (i = 0; sets[i].size; i++) { - #if 0 - printf("Testing %d\n", sets[i].size); - #endif - if ((err = mp_read_radix(&modulus, (char *)sets[i].prime, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&order, (char *)sets[i].order, 64)) != MP_OKAY) { goto error; } - - /* is prime actually prime? */ - if ((err = is_prime(&modulus, &primality)) != CRYPT_OK) { goto done; } - if (primality == 0) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - - /* is order prime ? */ - if ((err = is_prime(&order, &primality)) != CRYPT_OK) { goto done; } - if (primality == 0) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - - if ((err = mp_read_radix(&G->x, (char *)sets[i].Gx, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&G->y, (char *)sets[i].Gy, 64)) != MP_OKAY) { goto error; } - mp_set(&G->z, 1); - - /* then we should have G == (order + 1)G */ - if ((err = mp_add_d(&order, 1, &order)) != MP_OKAY) { goto error; } - if ((err = ecc_mulmod(&order, G, GG, &modulus, 1)) != CRYPT_OK) { goto done; } - if (mp_cmp(&G->x, &GG->x) != 0 || mp_cmp(&G->y, &GG->y) != 0) { - err = CRYPT_FAIL_TESTVECTOR; - goto done; - } - } - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - del_point(GG); - del_point(G); - mp_clear_multi(&order, &modulus, NULL); - return err; -} - -void ecc_sizes(int *low, int *high) -{ - int i; - LTC_ARGCHK(low != NULL); - LTC_ARGCHK(high != NULL); - - *low = INT_MAX; - *high = 0; - for (i = 0; sets[i].size != 0; i++) { - if (sets[i].size < *low) { - *low = sets[i].size; - } - if (sets[i].size > *high) { - *high = sets[i].size; - } - } -} - -/** - Make a new ECC key - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param keysize The keysize for the new key (in octets from 20 to 65 bytes) - @param key [out] Destination of the newly created key - @return CRYPT_OK if successful, upon error all allocated memory will be freed -*/ -int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) -{ - int x, err; - ecc_point *base; - mp_int prime; - unsigned char *buf; - - LTC_ARGCHK(key != NULL); - - /* good prng? */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* find key size */ - for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); - keysize = sets[x].size; - - if (keysize > ECC_MAXSIZE || sets[x].size == 0) { - return CRYPT_INVALID_KEYSIZE; - } - key->idx = x; - - /* allocate ram */ - base = NULL; - buf = XMALLOC(ECC_MAXSIZE); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* make up random string */ - if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) { - err = CRYPT_ERROR_READPRNG; - goto LBL_ERR2; - } - - /* setup the key variables */ - if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != MP_OKAY) { - err = mpi_to_ltc_error(err); - goto LBL_ERR; - } - base = new_point(); - if (base == NULL) { - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL); - err = CRYPT_MEM; - goto LBL_ERR; - } - - /* read in the specs for this key */ - if ((err = mp_read_radix(&prime, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&base->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&base->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; } - mp_set(&base->z, 1); - if ((err = mp_read_unsigned_bin(&key->k, (unsigned char *)buf, keysize)) != MP_OKAY) { goto error; } - - /* make the public key */ - if ((err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1)) != CRYPT_OK) { goto LBL_ERR; } - key->type = PK_PRIVATE; - - /* shrink key */ - if ((err = mp_shrink(&key->k)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->pubkey.x)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->pubkey.y)) != MP_OKAY) { goto error; } - if ((err = mp_shrink(&key->pubkey.z)) != MP_OKAY) { goto error; } - - /* free up ram */ - err = CRYPT_OK; - goto LBL_ERR; -error: - err = mpi_to_ltc_error(err); -LBL_ERR: - del_point(base); - mp_clear(&prime); -LBL_ERR2: -#ifdef LTC_CLEAN_STACK - zeromem(buf, ECC_MAXSIZE); -#endif - - XFREE(buf); - - return err; -} - -/** - Free an ECC key from memory - @param key The key you wish to free -*/ -void ecc_free(ecc_key *key) -{ - LTC_ARGCHK(key != NULL); - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL); -} - -/** - Export an ECC key as a binary packet - @param out [out] Destination for the key - @param outlen [in/out] Max size and resulting size of the exported key - @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC) - @param key The key to export - @return CRYPT_OK if successful -*/ -int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key) -{ - int err; - unsigned char flags[1]; - unsigned long key_size; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* type valid? */ - if (key->type != PK_PRIVATE && type == PK_PRIVATE) { - return CRYPT_PK_TYPE_MISMATCH; - } - - if (is_valid_idx(key->idx) == 0) { - return CRYPT_INVALID_ARG; - } - - /* we store the NIST byte size */ - key_size = sets[key->idx].size; - - if (type == PK_PRIVATE) { - flags[0] = 1; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.y, - LTC_ASN1_INTEGER, 1UL, &key->k, - LTC_ASN1_EOL, 0UL, NULL); - } else { - flags[0] = 0; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.y, - LTC_ASN1_EOL, 0UL, NULL); - } - - return err; -} - -/** - Import an ECC key from a binary packet - @param in The packet to import - @param inlen The length of the packet - @param key [out] The destination of the import - @return CRYPT_OK if successful, upon error all allocated memory will be freed -*/ -int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) -{ - unsigned long key_size; - unsigned char flags[1]; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init key */ - if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != MP_OKAY) { - return CRYPT_MEM; - } - - /* find out what type of key it is */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, &flags, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - - - if (flags[0] == 1) { - /* private key */ - key->type = PK_PRIVATE; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.y, - LTC_ASN1_INTEGER, 1UL, &key->k, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - } else { - /* public key */ - /* private key */ - key->type = PK_PUBLIC; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, &key->pubkey.y, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - } - - /* find the idx */ - for (key->idx = 0; sets[key->idx].size && (unsigned long)sets[key->idx].size != key_size; ++key->idx); - if (sets[key->idx].size == 0) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* set z */ - mp_set(&key->pubkey.z, 1); - - /* we're good */ - return CRYPT_OK; -error: - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL); - return err; -} - -/** - Create an ECC shared secret between two keys - @param private_key The private ECC key - @param public_key The public key - @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63) - @param outlen [in/out] The max size and resulting size of the shared secret - @return CRYPT_OK if successful -*/ -int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x; - ecc_point *result; - mp_int prime; - int err; - - LTC_ARGCHK(private_key != NULL); - LTC_ARGCHK(public_key != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* type valid? */ - if (private_key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - if (is_valid_idx(private_key->idx) == 0) { - return CRYPT_INVALID_ARG; - } - - if (private_key->idx != public_key->idx) { - return CRYPT_PK_TYPE_MISMATCH; - } - - /* make new point */ - result = new_point(); - if (result == NULL) { - return CRYPT_MEM; - } - - if ((err = mp_init(&prime)) != MP_OKAY) { - del_point(result); - return mpi_to_ltc_error(err); - } - - if ((err = mp_read_radix(&prime, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; } - if ((err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime, 1)) != CRYPT_OK) { goto done1; } - - x = (unsigned long)mp_unsigned_bin_size(&prime); - if (*outlen < x) { - err = CRYPT_BUFFER_OVERFLOW; - goto done1; - } - zeromem(out, x); - if ((err = mp_to_unsigned_bin(&result->x, out + (x - mp_unsigned_bin_size(&result->x)))) != MP_OKAY) { goto error; } - - err = CRYPT_OK; - *outlen = x; - goto done1; -error: - err = mpi_to_ltc_error(err); -done1: - mp_clear(&prime); - del_point(result); - return err; -} - -/** - Get the size of an ECC key - @param key The key to get the size of - @return The size (octets) of the key or INT_MAX on error -*/ -int ecc_get_size(ecc_key *key) -{ - LTC_ARGCHK(key != NULL); - if (is_valid_idx(key->idx)) - return sets[key->idx].size; - else - return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */ -} - -#include "ecc_sys.c" - #endif - - /* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc.c,v $ */ -/* $Revision: 1.20 $ */ -/* $Date: 2005/06/14 20:42:28 $ */ +/* $Revision: 1.38 $ */ +/* $Date: 2006/11/07 23:14:28 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c new file mode 100644 index 0000000..2a32912 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c @@ -0,0 +1,72 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_ansi_x963_export.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** ECC X9.63 (Sec. 4.3.6) uncompressed export + @param key Key to export + @param out [out] destination of export + @param outlen [in/out] Length of destination and final output size + Return CRYPT_OK on success +*/ +int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen) +{ + unsigned char buf[ECC_BUF_SIZE]; + unsigned long numlen; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + if (ltc_ecc_is_valid_idx(key->idx) == 0) { + return CRYPT_INVALID_ARG; + } + numlen = key->dp->size; + + if (*outlen < (1 + 2*numlen)) { + *outlen = 1 + 2*numlen; + return CRYPT_BUFFER_OVERFLOW; + } + + /* store byte 0x04 */ + out[0] = 0x04; + + /* pad and store x */ + zeromem(buf, sizeof(buf)); + mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x))); + XMEMCPY(out+1, buf, numlen); + + /* pad and store y */ + zeromem(buf, sizeof(buf)); + mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y))); + XMEMCPY(out+1+numlen, buf, numlen); + + *outlen = 1 + 2*numlen; + return CRYPT_OK; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/12/04 02:50:11 $ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c new file mode 100644 index 0000000..e92f5f4 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c @@ -0,0 +1,104 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_ansi_x963_import.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** Import an ANSI X9.63 format public key + @param in The input data to read + @param inlen The length of the input data + @param key [out] destination to store imported key \ +*/ +int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key) +{ + return ecc_ansi_x963_import_ex(in, inlen, key, NULL); +} + +int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp) +{ + int x, err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + + /* must be odd */ + if ((inlen & 1) == 0) { + return CRYPT_INVALID_ARG; + } + + /* init key */ + if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) { + return CRYPT_MEM; + } + + /* check for 4, 6 or 7 */ + if (in[0] != 4 && in[0] != 6 && in[0] != 7) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* read data */ + if ((err = mp_read_unsigned_bin(key->pubkey.x, (unsigned char *)in+1, (inlen-1)>>1)) != CRYPT_OK) { + goto error; + } + + if ((err = mp_read_unsigned_bin(key->pubkey.y, (unsigned char *)in+1+((inlen-1)>>1), (inlen-1)>>1)) != CRYPT_OK) { + goto error; + } + if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; } + + if (dp == NULL) { + /* determine the idx */ + for (x = 0; ltc_ecc_sets[x].size != 0; x++) { + if ((unsigned)ltc_ecc_sets[x].size >= ((inlen-1)>>1)) { + break; + } + } + if (ltc_ecc_sets[x].size == 0) { + err = CRYPT_INVALID_PACKET; + goto error; + } + /* set the idx */ + key->idx = x; + key->dp = <c_ecc_sets[x]; + } else { + if (((inlen-1)>>1) != (unsigned long) dp->size) { + err = CRYPT_INVALID_PACKET; + goto error; + } + key->idx = -1; + key->dp = dp; + } + key->type = PK_PUBLIC; + + /* we're done */ + return CRYPT_OK; +error: + mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c,v $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/12/04 22:17:46 $ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c new file mode 100644 index 0000000..bb56208 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c @@ -0,0 +1,150 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_decrypt_key.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Decrypt an ECC encrypted key + @param in The ciphertext + @param inlen The length of the ciphertext (octets) + @param out [out] The plaintext + @param outlen [in/out] The max size and resulting size of the plaintext + @param key The corresponding private ECC key + @return CRYPT_OK if successful +*/ +int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + ecc_key *key) +{ + unsigned char *ecc_shared, *skey, *pub_expt; + unsigned long x, y, hashOID[32]; + int hash, err; + ecc_key pubkey; + ltc_asn1_list decode[3]; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* right key type? */ + if (key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* decode to find out hash */ + LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); + + if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { + return err; + } + + hash = find_hash_oid(hashOID, decode[0].size); + if (hash_is_valid(hash) != CRYPT_OK) { + return CRYPT_INVALID_PACKET; + } + + /* we now have the hash! */ + + /* allocate memory */ + pub_expt = XMALLOC(ECC_BUF_SIZE); + ecc_shared = XMALLOC(ECC_BUF_SIZE); + skey = XMALLOC(MAXBLOCKSIZE); + if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { + if (pub_expt != NULL) { + XFREE(pub_expt); + } + if (ecc_shared != NULL) { + XFREE(ecc_shared); + } + if (skey != NULL) { + XFREE(skey); + } + return CRYPT_MEM; + } + LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE); + LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); + + /* read the structure in now */ + if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* import ECC key from packet */ + if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* make shared key */ + x = ECC_BUF_SIZE; + if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) { + ecc_free(&pubkey); + goto LBL_ERR; + } + ecc_free(&pubkey); + + y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE); + if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* ensure the hash of the shared secret is at least as big as the encrypt itself */ + if (decode[2].size > y) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* avoid buffer overflow */ + if (*outlen < decode[2].size) { + *outlen = decode[2].size; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* Decrypt the key */ + for (x = 0; x < decode[2].size; x++) { + out[x] = skey[x] ^ ecc_shared[x]; + } + *outlen = x; + + err = CRYPT_OK; +LBL_ERR: +#ifdef LTC_CLEAN_STACK + zeromem(pub_expt, ECC_BUF_SIZE); + zeromem(ecc_shared, ECC_BUF_SIZE); + zeromem(skey, MAXBLOCKSIZE); +#endif + + XFREE(pub_expt); + XFREE(ecc_shared); + XFREE(skey); + + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c new file mode 100644 index 0000000..dd9bab0 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c @@ -0,0 +1,136 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_encrypt_key.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Encrypt a symmetric key with ECC + @param in The symmetric key you want to encrypt + @param inlen The length of the key to encrypt (octets) + @param out [out] The destination for the ciphertext + @param outlen [in/out] The max size and resulting size of the ciphertext + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param hash The index of the hash you want to use + @param key The ECC key you want to encrypt to + @return CRYPT_OK if successful +*/ +int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, int hash, + ecc_key *key) +{ + unsigned char *pub_expt, *ecc_shared, *skey; + ecc_key pubkey; + unsigned long x, y, pubkeysize; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* check that wprng/cipher/hash are not invalid */ + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; + } + + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + if (inlen > hash_descriptor[hash].hashsize) { + return CRYPT_INVALID_HASH; + } + + /* make a random key and export the public copy */ + if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { + return err; + } + + pub_expt = XMALLOC(ECC_BUF_SIZE); + ecc_shared = XMALLOC(ECC_BUF_SIZE); + skey = XMALLOC(MAXBLOCKSIZE); + if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { + if (pub_expt != NULL) { + XFREE(pub_expt); + } + if (ecc_shared != NULL) { + XFREE(ecc_shared); + } + if (skey != NULL) { + XFREE(skey); + } + ecc_free(&pubkey); + return CRYPT_MEM; + } + + pubkeysize = ECC_BUF_SIZE; + if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { + ecc_free(&pubkey); + goto LBL_ERR; + } + + /* make random key */ + x = ECC_BUF_SIZE; + if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { + ecc_free(&pubkey); + goto LBL_ERR; + } + ecc_free(&pubkey); + y = MAXBLOCKSIZE; + if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* Encrypt key */ + for (x = 0; x < inlen; x++) { + skey[x] ^= in[x]; + } + + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID, + LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt, + LTC_ASN1_OCTET_STRING, inlen, skey, + LTC_ASN1_EOL, 0UL, NULL); + +LBL_ERR: +#ifdef LTC_CLEAN_STACK + /* clean up */ + zeromem(pub_expt, ECC_BUF_SIZE); + zeromem(ecc_shared, ECC_BUF_SIZE); + zeromem(skey, MAXBLOCKSIZE); +#endif + + XFREE(skey); + XFREE(ecc_shared); + XFREE(pub_expt); + + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/11/21 00:10:18 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_export.c b/libtomcrypt/src/pk/ecc/ecc_export.c new file mode 100644 index 0000000..1919849 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_export.c @@ -0,0 +1,82 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_export.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Export an ECC key as a binary packet + @param out [out] Destination for the key + @param outlen [in/out] Max size and resulting size of the exported key + @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC) + @param key The key to export + @return CRYPT_OK if successful +*/ +int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key) +{ + int err; + unsigned char flags[1]; + unsigned long key_size; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* type valid? */ + if (key->type != PK_PRIVATE && type == PK_PRIVATE) { + return CRYPT_PK_TYPE_MISMATCH; + } + + if (ltc_ecc_is_valid_idx(key->idx) == 0) { + return CRYPT_INVALID_ARG; + } + + /* we store the NIST byte size */ + key_size = key->dp->size; + + if (type == PK_PRIVATE) { + flags[0] = 1; + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_BIT_STRING, 1UL, flags, + LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, + LTC_ASN1_INTEGER, 1UL, key->pubkey.x, + LTC_ASN1_INTEGER, 1UL, key->pubkey.y, + LTC_ASN1_INTEGER, 1UL, key->k, + LTC_ASN1_EOL, 0UL, NULL); + } else { + flags[0] = 0; + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_BIT_STRING, 1UL, flags, + LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, + LTC_ASN1_INTEGER, 1UL, key->pubkey.x, + LTC_ASN1_INTEGER, 1UL, key->pubkey.y, + LTC_ASN1_EOL, 0UL, NULL); + } + + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_export.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/11/21 00:10:18 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_free.c b/libtomcrypt/src/pk/ecc/ecc_free.c new file mode 100644 index 0000000..039178d --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_free.c @@ -0,0 +1,40 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_free.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Free an ECC key from memory + @param key The key you wish to free +*/ +void ecc_free(ecc_key *key) +{ + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_free.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/06/09 01:38:14 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_get_size.c b/libtomcrypt/src/pk/ecc/ecc_get_size.c new file mode 100644 index 0000000..9eafdeb --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_get_size.c @@ -0,0 +1,44 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_get_size.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Get the size of an ECC key + @param key The key to get the size of + @return The size (octets) of the key or INT_MAX on error +*/ +int ecc_get_size(ecc_key *key) +{ + LTC_ARGCHK(key != NULL); + if (ltc_ecc_is_valid_idx(key->idx)) + return key->dp->size; + else + return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */ +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_get_size.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/11/21 00:10:18 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_import.c b/libtomcrypt/src/pk/ecc/ecc_import.c new file mode 100644 index 0000000..4adb28e --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_import.c @@ -0,0 +1,172 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_import.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +static int is_point(ecc_key *key) +{ + void *prime, *b, *t1, *t2; + int err; + + if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) { + return err; + } + + /* load prime and b */ + if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; } + if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; } + + /* compute y^2 */ + if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; } + + /* compute x^3 */ + if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; } + if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; } + + /* compute y^2 - x^3 */ + if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; } + + /* compute y^2 - x^3 + 3x */ + if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } + if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } + if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; } + while (mp_cmp_d(t1, 0) == LTC_MP_LT) { + if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; } + } + while (mp_cmp(t1, prime) != LTC_MP_LT) { + if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; } + } + + /* compare to b */ + if (mp_cmp(t1, b) != LTC_MP_EQ) { + err = CRYPT_INVALID_PACKET; + } else { + err = CRYPT_OK; + } + +error: + mp_clear_multi(prime, b, t1, t2, NULL); + return err; +} + +/** + Import an ECC key from a binary packet + @param in The packet to import + @param inlen The length of the packet + @param key [out] The destination of the import + @return CRYPT_OK if successful, upon error all allocated memory will be freed +*/ +int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) +{ + return ecc_import_ex(in, inlen, key, NULL); +} + +/** + Import an ECC key from a binary packet, using user supplied domain params rather than one of the NIST ones + @param in The packet to import + @param inlen The length of the packet + @param key [out] The destination of the import + @param dp pointer to user supplied params; must be the same as the params used when exporting + @return CRYPT_OK if successful, upon error all allocated memory will be freed +*/ +int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp) +{ + unsigned long key_size; + unsigned char flags[1]; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) { + return CRYPT_MEM; + } + + /* find out what type of key it is */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_BIT_STRING, 1UL, &flags, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto done; + } + + + if (flags[0] == 1) { + /* private key */ + key->type = PK_PRIVATE; + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_BIT_STRING, 1UL, flags, + LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, + LTC_ASN1_INTEGER, 1UL, key->pubkey.x, + LTC_ASN1_INTEGER, 1UL, key->pubkey.y, + LTC_ASN1_INTEGER, 1UL, key->k, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto done; + } + } else { + /* public key */ + key->type = PK_PUBLIC; + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_BIT_STRING, 1UL, flags, + LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, + LTC_ASN1_INTEGER, 1UL, key->pubkey.x, + LTC_ASN1_INTEGER, 1UL, key->pubkey.y, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto done; + } + } + + if (dp == NULL) { + /* find the idx */ + for (key->idx = 0; ltc_ecc_sets[key->idx].size && (unsigned long)ltc_ecc_sets[key->idx].size != key_size; ++key->idx); + if (ltc_ecc_sets[key->idx].size == 0) { + err = CRYPT_INVALID_PACKET; + goto done; + } + key->dp = <c_ecc_sets[key->idx]; + } else { + key->idx = -1; + key->dp = dp; + } + /* set z */ + if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; } + + /* is it a point on the curve? */ + if ((err = is_point(key)) != CRYPT_OK) { + goto done; + } + + /* we're good */ + return CRYPT_OK; +done: + mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); + return err; +} +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_import.c,v $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/12/04 02:19:48 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_make_key.c b/libtomcrypt/src/pk/ecc/ecc_make_key.c new file mode 100644 index 0000000..796b674 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_make_key.c @@ -0,0 +1,125 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_make_key.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Make a new ECC key + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param keysize The keysize for the new key (in octets from 20 to 65 bytes) + @param key [out] Destination of the newly created key + @return CRYPT_OK if successful, upon error all allocated memory will be freed +*/ +int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) +{ + int x, err; + + /* find key size */ + for (x = 0; (keysize > ltc_ecc_sets[x].size) && (ltc_ecc_sets[x].size != 0); x++); + keysize = ltc_ecc_sets[x].size; + + if (keysize > ECC_MAXSIZE || ltc_ecc_sets[x].size == 0) { + return CRYPT_INVALID_KEYSIZE; + } + err = ecc_make_key_ex(prng, wprng, key, <c_ecc_sets[x]); + key->idx = x; + return err; +} + +int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp) +{ + int err; + ecc_point *base; + void *prime; + unsigned char *buf; + int keysize; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(dp != NULL); + + /* good prng? */ + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; + } + + key->idx = -1; + key->dp = dp; + keysize = dp->size; + + /* allocate ram */ + base = NULL; + buf = XMALLOC(ECC_MAXSIZE); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* make up random string */ + if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) { + err = CRYPT_ERROR_READPRNG; + goto ERR_BUF; + } + + /* setup the key variables */ + if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != CRYPT_OK) { + goto ERR_BUF; + } + base = ltc_ecc_new_point(); + if (base == NULL) { + err = CRYPT_MEM; + goto errkey; + } + + /* read in the specs for this key */ + if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; } + if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; } + if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; } + if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; } + if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; } + + /* make the public key */ + if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; } + key->type = PK_PRIVATE; + + /* free up ram */ + err = CRYPT_OK; + goto cleanup; +errkey: + mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); +cleanup: + ltc_ecc_del_point(base); + mp_clear(prime); +ERR_BUF: +#ifdef LTC_CLEAN_STACK + zeromem(buf, ECC_MAXSIZE); +#endif + XFREE(buf); + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_make_key.c,v $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/12/04 02:50:11 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_shared_secret.c b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c new file mode 100644 index 0000000..ddef847 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c @@ -0,0 +1,95 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_shared_secret.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Create an ECC shared secret between two keys + @param private_key The private ECC key + @param public_key The public key + @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63) + @param outlen [in/out] The max size and resulting size of the shared secret + @return CRYPT_OK if successful +*/ +int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, + unsigned char *out, unsigned long *outlen) +{ + unsigned long x; + ecc_point *result; + void *prime; + int err; + + LTC_ARGCHK(private_key != NULL); + LTC_ARGCHK(public_key != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* type valid? */ + if (private_key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) { + return CRYPT_INVALID_ARG; + } + + if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) { + return CRYPT_PK_TYPE_MISMATCH; + } + + /* make new point */ + result = ltc_ecc_new_point(); + if (result == NULL) { + return CRYPT_MEM; + } + + if ((err = mp_init(&prime)) != CRYPT_OK) { + ltc_ecc_del_point(result); + return err; + } + + if ((err = mp_read_radix(prime, (char *)private_key->dp->prime, 16)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1)) != CRYPT_OK) { goto done; } + + x = (unsigned long)mp_unsigned_bin_size(prime); + if (*outlen < x) { + *outlen = x; + err = CRYPT_BUFFER_OVERFLOW; + goto done; + } + zeromem(out, x); + if ((err = mp_to_unsigned_bin(result->x, out + (x - mp_unsigned_bin_size(result->x)))) != CRYPT_OK) { goto done; } + + err = CRYPT_OK; + *outlen = x; +done: + mp_clear(prime); + ltc_ecc_del_point(result); + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_shared_secret.c,v $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/12/04 02:19:48 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c new file mode 100644 index 0000000..44f949e --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c @@ -0,0 +1,114 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_sign_hash.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Sign a message digest + @param in The message digest to sign + @param inlen The length of the digest + @param out [out] The destination for the signature + @param outlen [in/out] The max size and resulting size of the signature + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param key A private ECC key + @return CRYPT_OK if successful +*/ +int ecc_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key) +{ + ecc_key pubkey; + void *r, *s, *e, *p; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* is this a private key? */ + if (key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* is the IDX valid ? */ + if (ltc_ecc_is_valid_idx(key->idx) != 1) { + return CRYPT_PK_INVALID_TYPE; + } + + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; + } + + /* get the hash and load it as a bignum into 'e' */ + /* init the bignums */ + if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { + return err; + } + if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } + if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto errnokey; } + + /* make up a key and export the public copy */ + for (;;) { + if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { + goto errnokey; + } + + /* find r = x1 mod n */ + if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } + + if (mp_iszero(r) == LTC_MP_YES) { + ecc_free(&pubkey); + } else { + /* find s = (e + xr)/k */ + if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */ + if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ + if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ + if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ + if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */ + ecc_free(&pubkey); + if (mp_iszero(s) == LTC_MP_NO) { + break; + } + } + } + + /* store as SEQUENCE { r, s -- integer } */ + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, + LTC_ASN1_EOL, 0UL, NULL); + goto errnokey; +error: + ecc_free(&pubkey); +errnokey: + mp_clear_multi(r, s, p, e, NULL); + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sign_hash.c,v $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/12/04 02:50:11 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_sizes.c b/libtomcrypt/src/pk/ecc/ecc_sizes.c new file mode 100644 index 0000000..f4b2d82 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_sizes.c @@ -0,0 +1,48 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_sizes.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +void ecc_sizes(int *low, int *high) +{ + int i; + LTC_ARGCHKVD(low != NULL); + LTC_ARGCHKVD(high != NULL); + + *low = INT_MAX; + *high = 0; + for (i = 0; ltc_ecc_sets[i].size != 0; i++) { + if (ltc_ecc_sets[i].size < *low) { + *low = ltc_ecc_sets[i].size; + } + if (ltc_ecc_sets[i].size > *high) { + *high = ltc_ecc_sets[i].size; + } + } +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sizes.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/06/09 01:38:14 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_sys.c b/libtomcrypt/src/pk/ecc/ecc_sys.c deleted file mode 100644 index 65ead31..0000000 --- a/libtomcrypt/src/pk/ecc/ecc_sys.c +++ /dev/null @@ -1,462 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ - -/** - @file ecc_sys.c - ECC Crypto, Tom St Denis -*/ - -/** - Encrypt a symmetric key with ECC - @param in The symmetric key you want to encrypt - @param inlen The length of the key to encrypt (octets) - @param out [out] The destination for the ciphertext - @param outlen [in/out] The max size and resulting size of the ciphertext - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param hash The index of the hash you want to use - @param key The ECC key you want to encrypt to - @return CRYPT_OK if successful -*/ -int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - ecc_key *key) -{ - unsigned char *pub_expt, *ecc_shared, *skey; - ecc_key pubkey; - unsigned long x, y, pubkeysize; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* check that wprng/cipher/hash are not invalid */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - if (inlen > hash_descriptor[hash].hashsize) { - return CRYPT_INVALID_HASH; - } - - /* make a random key and export the public copy */ - if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { - return err; - } - - pub_expt = XMALLOC(ECC_BUF_SIZE); - ecc_shared = XMALLOC(ECC_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { - if (pub_expt != NULL) { - XFREE(pub_expt); - } - if (ecc_shared != NULL) { - XFREE(ecc_shared); - } - if (skey != NULL) { - XFREE(skey); - } - ecc_free(&pubkey); - return CRYPT_MEM; - } - - pubkeysize = ECC_BUF_SIZE; - if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - - /* make random key */ - x = ECC_BUF_SIZE; - if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - ecc_free(&pubkey); - y = MAXBLOCKSIZE; - if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* Encrypt key */ - for (x = 0; x < inlen; x++) { - skey[x] ^= in[x]; - } - - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID, - LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt, - LTC_ASN1_OCTET_STRING, inlen, skey, - LTC_ASN1_EOL, 0UL, NULL); - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - /* clean up */ - zeromem(pub_expt, ECC_BUF_SIZE); - zeromem(ecc_shared, ECC_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(skey); - XFREE(ecc_shared); - XFREE(pub_expt); - - return err; -} - -/** - Decrypt an ECC encrypted key - @param in The ciphertext - @param inlen The length of the ciphertext (octets) - @param out [out] The plaintext - @param outlen [in/out] The max size and resulting size of the plaintext - @param key The corresponding private ECC key - @return CRYPT_OK if successful -*/ -int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - ecc_key *key) -{ - unsigned char *ecc_shared, *skey, *pub_expt; - unsigned long x, y, hashOID[32]; - int hash, err; - ecc_key pubkey; - ltc_asn1_list decode[3]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* right key type? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* decode to find out hash */ - LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); - - if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { - return err; - } - for (hash = 0; hash_descriptor[hash].name != NULL && - (hash_descriptor[hash].OIDlen != decode[0].size || - memcmp(hash_descriptor[hash].OID, hashOID, sizeof(unsigned long)*decode[0].size)); hash++); - - if (hash_descriptor[hash].name == NULL) { - return CRYPT_INVALID_PACKET; - } - - /* we now have the hash! */ - - /* allocate memory */ - pub_expt = XMALLOC(ECC_BUF_SIZE); - ecc_shared = XMALLOC(ECC_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { - if (pub_expt != NULL) { - XFREE(pub_expt); - } - if (ecc_shared != NULL) { - XFREE(ecc_shared); - } - if (skey != NULL) { - XFREE(skey); - } - return CRYPT_MEM; - } - LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE); - LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); - - /* read the structure in now */ - if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* import ECC key from packet */ - if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* make shared key */ - x = ECC_BUF_SIZE; - if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - ecc_free(&pubkey); - - y = MAXBLOCKSIZE; - if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* ensure the hash of the shared secret is at least as big as the encrypt itself */ - if (decode[2].size > y) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* avoid buffer overflow */ - if (*outlen < decode[2].size) { - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* Decrypt the key */ - for (x = 0; x < decode[2].size; x++) { - out[x] = skey[x] ^ ecc_shared[x]; - } - *outlen = x; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(pub_expt, ECC_BUF_SIZE); - zeromem(ecc_shared, ECC_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(pub_expt); - XFREE(ecc_shared); - XFREE(skey); - - return err; -} - -/** - Sign a message digest - @param in The message digest to sign - @param inlen The length of the digest - @param out [out] The destination for the signature - @param outlen [in/out] The max size and resulting size of the signature - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param key A private ECC key - @return CRYPT_OK if successful -*/ -int ecc_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key) -{ - ecc_key pubkey; - mp_int r, s, e, p; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* is this a private key? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* is the IDX valid ? */ - if (is_valid_idx(key->idx) != 1) { - return CRYPT_PK_INVALID_TYPE; - } - - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* get the hash and load it as a bignum into 'e' */ - /* init the bignums */ - if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != MP_OKAY) { - ecc_free(&pubkey); - err = mpi_to_ltc_error(err); - goto LBL_ERR; - } - if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_unsigned_bin(&e, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; } - - /* make up a key and export the public copy */ - for (;;) { - if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { - return err; - } - - /* find r = x1 mod n */ - if ((err = mp_mod(&pubkey.pubkey.x, &p, &r)) != MP_OKAY) { goto error; } - - if (mp_iszero(&r)) { - ecc_free(&pubkey); - } else { - /* find s = (e + xr)/k */ - if ((err = mp_invmod(&pubkey.k, &p, &pubkey.k)) != MP_OKAY) { goto error; } /* k = 1/k */ - if ((err = mp_mulmod(&key->k, &r, &p, &s)) != MP_OKAY) { goto error; } /* s = xr */ - if ((err = mp_addmod(&e, &s, &p, &s)) != MP_OKAY) { goto error; } /* s = e + xr */ - if ((err = mp_mulmod(&s, &pubkey.k, &p, &s)) != MP_OKAY) { goto error; } /* s = (e + xr)/k */ - - if (mp_iszero(&s)) { - ecc_free(&pubkey); - } else { - break; - } - } - } - - /* store as SEQUENCE { r, s -- integer } */ - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL); - goto LBL_ERR; -error: - err = mpi_to_ltc_error(err); -LBL_ERR: - mp_clear_multi(&r, &s, &p, &e, NULL); - ecc_free(&pubkey); - - return err; -} - -/* verify - * - * w = s^-1 mod n - * u1 = xw - * u2 = rw - * X = u1*G + u2*Q - * v = X_x1 mod n - * accept if v == r - */ - -/** - Verify an ECC signature - @param sig The signature to verify - @param siglen The length of the signature (octets) - @param hash The hash (message digest) that was signed - @param hashlen The length of the hash (octets) - @param stat Result of signature, 1==valid, 0==invalid - @param key The corresponding public ECC key - @return CRYPT_OK if successful (even if the signature is not valid) -*/ -int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key) -{ - ecc_point *mG, *mQ; - mp_int r, s, v, w, u1, u2, e, p, m; - mp_digit mp; - int err; - - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid signature */ - *stat = 0; - - /* is the IDX valid ? */ - if (is_valid_idx(key->idx) != 1) { - return CRYPT_PK_INVALID_TYPE; - } - - /* allocate ints */ - if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != MP_OKAY) { - return CRYPT_MEM; - } - - /* allocate points */ - mG = new_point(); - mQ = new_point(); - if (mQ == NULL || mG == NULL) { - err = CRYPT_MEM; - goto done; - } - - /* parse header */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto done; - } - - /* get the order */ - if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; } - - /* get the modulus */ - if ((err = mp_read_radix(&m, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } - - /* check for zero */ - if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT || mp_cmp(&s, &p) != MP_LT) { - err = CRYPT_INVALID_PACKET; - goto done; - } - - /* read hash */ - if ((err = mp_read_unsigned_bin(&e, (unsigned char *)hash, (int)hashlen)) != MP_OKAY) { goto error; } - - /* w = s^-1 mod n */ - if ((err = mp_invmod(&s, &p, &w)) != MP_OKAY) { goto error; } - - /* u1 = ew */ - if ((err = mp_mulmod(&e, &w, &p, &u1)) != MP_OKAY) { goto error; } - - /* u2 = rw */ - if ((err = mp_mulmod(&r, &w, &p, &u2)) != MP_OKAY) { goto error; } - - /* find mG = u1*G */ - if ((err = mp_read_radix(&mG->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; } - if ((err = mp_read_radix(&mG->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; } - mp_set(&mG->z, 1); - if ((err = ecc_mulmod(&u1, mG, mG, &m, 0)) != CRYPT_OK) { goto done; } - - /* find mQ = u2*Q */ - if ((err = mp_copy(&key->pubkey.x, &mQ->x)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&key->pubkey.y, &mQ->y)) != MP_OKAY) { goto error; } - if ((err = mp_copy(&key->pubkey.z, &mQ->z)) != MP_OKAY) { goto error; } - if ((err = ecc_mulmod(&u2, mQ, mQ, &m, 0)) != CRYPT_OK) { goto done; } - - /* find the montgomery mp */ - if ((err = mp_montgomery_setup(&m, &mp)) != MP_OKAY) { goto error; } - /* add them */ - if ((err = add_point(mQ, mG, mG, &m, mp)) != CRYPT_OK) { goto done; } - - /* reduce */ - if ((err = ecc_map(mG, &m, mp)) != CRYPT_OK) { goto done; } - - /* v = X_x1 mod n */ - if ((err = mp_mod(&mG->x, &p, &v)) != CRYPT_OK) { goto done; } - - /* does v == r */ - if (mp_cmp(&v, &r) == MP_EQ) { - *stat = 1; - } - - /* clear up and return */ - err = CRYPT_OK; - goto done; -error: - err = mpi_to_ltc_error(err); -done: - del_point(mG); - del_point(mQ); - mp_clear_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL); - return err; -} - - -/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sys.c,v $ */ -/* $Revision: 1.18 $ */ -/* $Date: 2005/06/14 20:47:55 $ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_test.c b/libtomcrypt/src/pk/ecc/ecc_test.c new file mode 100644 index 0000000..faa167c --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_test.c @@ -0,0 +1,95 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_test.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Perform on the ECC system + @return CRYPT_OK if successful +*/ +int ecc_test(void) +{ + void *modulus, *order; + ecc_point *G, *GG; + int i, err, primality; + + if ((err = mp_init_multi(&modulus, &order, NULL)) != CRYPT_OK) { + return err; + } + + G = ltc_ecc_new_point(); + GG = ltc_ecc_new_point(); + if (G == NULL || GG == NULL) { + mp_clear_multi(modulus, order, NULL); + ltc_ecc_del_point(G); + ltc_ecc_del_point(GG); + return CRYPT_MEM; + } + + for (i = 0; ltc_ecc_sets[i].size; i++) { + #if 0 + printf("Testing %d\n", ltc_ecc_sets[i].size); + #endif + if ((err = mp_read_radix(modulus, (char *)ltc_ecc_sets[i].prime, 16)) != CRYPT_OK) { goto done; } + if ((err = mp_read_radix(order, (char *)ltc_ecc_sets[i].order, 16)) != CRYPT_OK) { goto done; } + + /* is prime actually prime? */ + if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; } + if (primality == 0) { + err = CRYPT_FAIL_TESTVECTOR; + goto done; + } + + /* is order prime ? */ + if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; } + if (primality == 0) { + err = CRYPT_FAIL_TESTVECTOR; + goto done; + } + + if ((err = mp_read_radix(G->x, (char *)ltc_ecc_sets[i].Gx, 16)) != CRYPT_OK) { goto done; } + if ((err = mp_read_radix(G->y, (char *)ltc_ecc_sets[i].Gy, 16)) != CRYPT_OK) { goto done; } + mp_set(G->z, 1); + + /* then we should have G == (order + 1)G */ + if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptmul(order, G, GG, modulus, 1)) != CRYPT_OK) { goto done; } + if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) { + err = CRYPT_FAIL_TESTVECTOR; + goto done; + } + } + err = CRYPT_OK; +done: + ltc_ecc_del_point(GG); + ltc_ecc_del_point(G); + mp_clear_multi(order, modulus, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_test.c,v $ */ +/* $Revision: 1.10 $ */ +/* $Date: 2006/12/04 02:19:48 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c new file mode 100644 index 0000000..bd8a840 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c @@ -0,0 +1,165 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ecc_verify_hash.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/* verify + * + * w = s^-1 mod n + * u1 = xw + * u2 = rw + * X = u1*G + u2*Q + * v = X_x1 mod n + * accept if v == r + */ + +/** + Verify an ECC signature + @param sig The signature to verify + @param siglen The length of the signature (octets) + @param hash The hash (message digest) that was signed + @param hashlen The length of the hash (octets) + @param stat Result of signature, 1==valid, 0==invalid + @param key The corresponding public ECC key + @return CRYPT_OK if successful (even if the signature is not valid) +*/ +int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key) +{ + ecc_point *mG, *mQ; + void *r, *s, *v, *w, *u1, *u2, *e, *p, *m; + void *mp; + int err; + + LTC_ARGCHK(sig != NULL); + LTC_ARGCHK(hash != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + + /* default to invalid signature */ + *stat = 0; + mp = NULL; + + /* is the IDX valid ? */ + if (ltc_ecc_is_valid_idx(key->idx) != 1) { + return CRYPT_PK_INVALID_TYPE; + } + + /* allocate ints */ + if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) { + return CRYPT_MEM; + } + + /* allocate points */ + mG = ltc_ecc_new_point(); + mQ = ltc_ecc_new_point(); + if (mQ == NULL || mG == NULL) { + err = CRYPT_MEM; + goto error; + } + + /* parse header */ + if ((err = der_decode_sequence_multi(sig, siglen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto error; + } + + /* get the order */ + if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; } + + /* get the modulus */ + if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; } + + /* check for zero */ + if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* read hash */ + if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; } + + /* w = s^-1 mod n */ + if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; } + + /* u1 = ew */ + if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; } + + /* u2 = rw */ + if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; } + + /* find mG and mQ */ + if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; } + if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; } + if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; } + + if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; } + if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; } + if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; } + + /* compute u1*mG + u2*mQ = mG */ + if (ltc_mp.ecc_mul2add == NULL) { + if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; } + if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; } + + /* find the montgomery mp */ + if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } + + /* add them */ + if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; } + + /* reduce */ + if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; } + } else { + /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */ + if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m)) != CRYPT_OK) { goto error; } + } + + /* v = X_x1 mod n */ + if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; } + + /* does v == r */ + if (mp_cmp(v, r) == LTC_MP_EQ) { + *stat = 1; + } + + /* clear up and return */ + err = CRYPT_OK; +error: + ltc_ecc_del_point(mG); + ltc_ecc_del_point(mQ); + mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); + if (mp != NULL) { + mp_montgomery_free(mp); + } + return err; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_verify_hash.c,v $ */ +/* $Revision: 1.12 $ */ +/* $Date: 2006/12/04 05:07:59 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c new file mode 100644 index 0000000..cf81f24 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c @@ -0,0 +1,46 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_is_valid_idx.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** Returns whether an ECC idx is valid or not + @param n The idx number to check + @return 1 if valid, 0 if not +*/ +int ltc_ecc_is_valid_idx(int n) +{ + int x; + + for (x = 0; ltc_ecc_sets[x].size != 0; x++); + /* -1 is a valid index --- indicating that the domain params were supplied by the user */ + if ((n >= -1) || (n < x)) { + return 1; + } + return 0; +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/11/21 00:10:18 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_map.c b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c new file mode 100644 index 0000000..eec28b3 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c @@ -0,0 +1,76 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_map.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Map a projective jacbobian point back to affine space + @param P [in/out] The point to map + @param modulus The modulus of the field the ECC curve is in + @param mp The "b" value from montgomery_setup() + @return CRYPT_OK on success +*/ +int ltc_ecc_map(ecc_point *P, void *modulus, void *mp) +{ + void *t1, *t2; + int err; + + LTC_ARGCHK(P != NULL); + LTC_ARGCHK(modulus != NULL); + LTC_ARGCHK(mp != NULL); + + if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { + return CRYPT_MEM; + } + + /* first map z back to normal */ + if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK) { goto done; } + + /* get 1/z */ + if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; } + + /* get 1/z^2 and 1/z^3 */ + if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK) { goto done; } + + /* multiply against x/y */ + if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = mp_set(P->z, 1)) != CRYPT_OK) { goto done; } + + err = CRYPT_OK; +done: + mp_clear_multi(t1, t2, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_map.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/12/04 02:50:11 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c new file mode 100644 index 0000000..ac1c24f --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c @@ -0,0 +1,207 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_mul2add.c + ECC Crypto, Shamir's Trick, Tom St Denis +*/ + +#ifdef MECC + +#ifdef LTC_ECC_SHAMIR + +/** Computes kA*A + kB*B = C using Shamir's Trick + @param A First point to multiply + @param kA What to multiple A by + @param B Second point to multiply + @param kB What to multiple B by + @param C [out] Destination point (can overlap with A or B + @param modulus Modulus for curve + @return CRYPT_OK on success +*/ +int ltc_ecc_mul2add(ecc_point *A, void *kA, + ecc_point *B, void *kB, + ecc_point *C, + void *modulus) +{ + ecc_point *precomp[16]; + unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble; + unsigned char *tA, *tB; + int err, first; + void *mp, *mu; + + /* argchks */ + LTC_ARGCHK(A != NULL); + LTC_ARGCHK(B != NULL); + LTC_ARGCHK(C != NULL); + LTC_ARGCHK(kA != NULL); + LTC_ARGCHK(kB != NULL); + LTC_ARGCHK(modulus != NULL); + + /* allocate memory */ + tA = XCALLOC(1, ECC_BUF_SIZE); + if (tA == NULL) { + return CRYPT_MEM; + } + tB = XCALLOC(1, ECC_BUF_SIZE); + if (tB == NULL) { + XFREE(tA); + return CRYPT_MEM; + } + + /* get sizes */ + lenA = mp_unsigned_bin_size(kA); + lenB = mp_unsigned_bin_size(kB); + len = MAX(lenA, lenB); + + /* sanity check */ + if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) { + err = CRYPT_INVALID_ARG; + goto ERR_T; + } + + /* extract and justify kA */ + mp_to_unsigned_bin(kA, (len - lenA) + tA); + + /* extract and justify kB */ + mp_to_unsigned_bin(kB, (len - lenB) + tB); + + /* allocate the table */ + for (x = 0; x < 16; x++) { + precomp[x] = ltc_ecc_new_point(); + if (precomp[x] == NULL) { + for (y = 0; y < x; ++y) { + ltc_ecc_del_point(precomp[y]); + } + err = CRYPT_MEM; + goto ERR_T; + } + } + + /* init montgomery reduction */ + if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { + goto ERR_P; + } + if ((err = mp_init(&mu)) != CRYPT_OK) { + goto ERR_MP; + } + if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { + goto ERR_MU; + } + + /* copy ones ... */ + if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; } + + if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK) { goto ERR_MU; } + + /* precomp [i,0](A + B) table */ + if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + + /* precomp [0,i](A + B) table */ + if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + + /* precomp [i,j](A + B) table (i != 0, j != 0) */ + for (x = 1; x < 4; x++) { + for (y = 1; y < 4; y++) { + if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + } + } + + nibble = 3; + first = 1; + bitbufA = tA[0]; + bitbufB = tB[0]; + + /* for every byte of the multiplicands */ + for (x = -1;; ) { + /* grab a nibble */ + if (++nibble == 4) { + ++x; if (x == len) break; + bitbufA = tA[x]; + bitbufB = tB[x]; + nibble = 0; + } + + /* extract two bits from both, shift/update */ + nA = (bitbufA >> 6) & 0x03; + nB = (bitbufB >> 6) & 0x03; + bitbufA = (bitbufA << 2) & 0xFF; + bitbufB = (bitbufB << 2) & 0xFF; + + /* if both zero, if first, continue */ + if ((nA == 0) && (nB == 0) && (first == 1)) { + continue; + } + + /* double twice, only if this isn't the first */ + if (first == 0) { + /* double twice */ + if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + } + + /* if not both zero */ + if ((nA != 0) || (nB != 0)) { + if (first == 1) { + /* if first, copy from table */ + first = 0; + if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK) { goto ERR_MU; } + if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK) { goto ERR_MU; } + } else { + /* if not first, add from table */ + if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } + } + } + } + + /* reduce to affine */ + err = ltc_ecc_map(C, modulus, mp); + + /* clean up */ +ERR_MU: + mp_clear(mu); +ERR_MP: + mp_montgomery_free(mp); +ERR_P: + for (x = 0; x < 16; x++) { + ltc_ecc_del_point(precomp[x]); + } +ERR_T: +#ifdef LTC_CLEAN_STACK + zeromem(tA, ECC_BUF_SIZE); + zeromem(tB, ECC_BUF_SIZE); +#endif + XFREE(tA); + XFREE(tB); + + return err; +} + +#endif +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c,v $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/12/04 05:07:59 $ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c new file mode 100644 index 0000000..0e4c92b --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c @@ -0,0 +1,222 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_mulmod.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC +#ifndef LTC_ECC_TIMING_RESISTANT + +/* size of sliding window, don't change this! */ +#define WINSIZE 4 + +/** + Perform a point multiplication + @param k The scalar to multiply by + @param G The base point + @param R [out] Destination for kG + @param modulus The modulus of the field the ECC curve is in + @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective) + @return CRYPT_OK on success +*/ +int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) +{ + ecc_point *tG, *M[8]; + int i, j, err; + void *mu, *mp; + unsigned long buf; + int first, bitbuf, bitcpy, bitcnt, mode, digidx; + + LTC_ARGCHK(k != NULL); + LTC_ARGCHK(G != NULL); + LTC_ARGCHK(R != NULL); + LTC_ARGCHK(modulus != NULL); + + /* init montgomery reduction */ + if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { + return err; + } + if ((err = mp_init(&mu)) != CRYPT_OK) { + mp_montgomery_free(mp); + return err; + } + if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { + mp_montgomery_free(mp); + mp_clear(mu); + return err; + } + + /* alloc ram for window temps */ + for (i = 0; i < 8; i++) { + M[i] = ltc_ecc_new_point(); + if (M[i] == NULL) { + for (j = 0; j < i; j++) { + ltc_ecc_del_point(M[j]); + } + mp_montgomery_free(mp); + mp_clear(mu); + return CRYPT_MEM; + } + } + + /* make a copy of G incase R==G */ + tG = ltc_ecc_new_point(); + if (tG == NULL) { err = CRYPT_MEM; goto done; } + + /* tG = G and convert to montgomery */ + if (mp_cmp_d(mu, 1) == LTC_MP_EQ) { + if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; } + } else { + if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; } + if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; } + if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } + } + mp_clear(mu); + mu = NULL; + + /* calc the M tab, which holds kG for k==8..15 */ + /* M[0] == 8G */ + if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } + + /* now find (8+k)G for k=1..7 */ + for (j = 9; j < 16; j++) { + if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; } + } + + /* setup sliding window */ + mode = 0; + bitcnt = 1; + buf = 0; + digidx = mp_get_digit_count(k) - 1; + bitcpy = bitbuf = 0; + first = 1; + + /* perform ops */ + for (;;) { + /* grab next digit as required */ + if (--bitcnt == 0) { + if (digidx == -1) { + break; + } + buf = mp_get_digit(k, digidx); + bitcnt = (int) ltc_mp.bits_per_digit; + --digidx; + } + + /* grab the next msb from the ltiplicand */ + i = (buf >> (ltc_mp.bits_per_digit - 1)) & 1; + buf <<= 1; + + /* skip leading zero bits */ + if (mode == 0 && i == 0) { + continue; + } + + /* if the bit is zero and mode == 1 then we double */ + if (mode == 1 && i == 0) { + if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } + continue; + } + + /* else we add it to the window */ + bitbuf |= (i << (WINSIZE - ++bitcpy)); + mode = 2; + + if (bitcpy == WINSIZE) { + /* if this is the first window we do a simple copy */ + if (first == 1) { + /* R = kG [k = first window] */ + if ((err = mp_copy(M[bitbuf-8]->x, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(M[bitbuf-8]->y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(M[bitbuf-8]->z, R->z)) != CRYPT_OK) { goto done; } + first = 0; + } else { + /* normal window */ + /* ok window is filled so double as required and add */ + /* double first */ + for (j = 0; j < WINSIZE; j++) { + if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } + } + + /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */ + if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; } + } + /* empty window and reset */ + bitcpy = bitbuf = 0; + mode = 1; + } + } + + /* if bits remain then double/add */ + if (mode == 2 && bitcpy > 0) { + /* double then add */ + for (j = 0; j < bitcpy; j++) { + /* only double if we have had at least one add first */ + if (first == 0) { + if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } + } + + bitbuf <<= 1; + if ((bitbuf & (1 << WINSIZE)) != 0) { + if (first == 1){ + /* first add, so copy */ + if ((err = mp_copy(tG->x, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(tG->y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(tG->z, R->z)) != CRYPT_OK) { goto done; } + first = 0; + } else { + /* then add */ + if ((err = ltc_mp.ecc_ptadd(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; } + } + } + } + } + + /* map R back from projective space */ + if (map) { + err = ltc_ecc_map(R, modulus, mp); + } else { + err = CRYPT_OK; + } +done: + if (mu != NULL) { + mp_clear(mu); + } + mp_montgomery_free(mp); + ltc_ecc_del_point(tG); + for (i = 0; i < 8; i++) { + ltc_ecc_del_point(M[i]); + } + return err; +} + +#endif + +#undef WINSIZE + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c,v $ */ +/* $Revision: 1.24 $ */ +/* $Date: 2006/12/04 05:07:59 $ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c new file mode 100644 index 0000000..b94a50c --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c @@ -0,0 +1,167 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_mulmod_timing.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +#ifdef LTC_ECC_TIMING_RESISTANT + +/** + Perform a point multiplication (timing resistant) + @param k The scalar to multiply by + @param G The base point + @param R [out] Destination for kG + @param modulus The modulus of the field the ECC curve is in + @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective) + @return CRYPT_OK on success +*/ +int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) +{ + ecc_point *tG, *M[3]; + int i, j, err; + void *mu, *mp; + unsigned long buf; + int first, bitbuf, bitcpy, bitcnt, mode, digidx; + + LTC_ARGCHK(k != NULL); + LTC_ARGCHK(G != NULL); + LTC_ARGCHK(R != NULL); + LTC_ARGCHK(modulus != NULL); + + /* init montgomery reduction */ + if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { + return err; + } + if ((err = mp_init(&mu)) != CRYPT_OK) { + mp_montgomery_free(mp); + return err; + } + if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { + mp_clear(mu); + mp_montgomery_free(mp); + return err; + } + + /* alloc ram for window temps */ + for (i = 0; i < 3; i++) { + M[i] = ltc_ecc_new_point(); + if (M[i] == NULL) { + for (j = 0; j < i; j++) { + ltc_ecc_del_point(M[j]); + } + mp_clear(mu); + mp_montgomery_free(mp); + return CRYPT_MEM; + } + } + + /* make a copy of G incase R==G */ + tG = ltc_ecc_new_point(); + if (tG == NULL) { err = CRYPT_MEM; goto done; } + + /* tG = G and convert to montgomery */ + if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; } + if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; } + if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } + mp_clear(mu); + mu = NULL; + + /* calc the M tab */ + /* M[0] == G */ + if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; } + /* M[1] == 2G */ + if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; } + + /* setup sliding window */ + mode = 0; + bitcnt = 1; + buf = 0; + digidx = mp_get_digit_count(k) - 1; + bitcpy = bitbuf = 0; + first = 1; + + /* perform ops */ + for (;;) { + /* grab next digit as required */ + if (--bitcnt == 0) { + if (digidx == -1) { + break; + } + buf = mp_get_digit(k, digidx); + bitcnt = (int) MP_DIGIT_BIT; + --digidx; + } + + /* grab the next msb from the ltiplicand */ + i = (buf >> (MP_DIGIT_BIT - 1)) & 1; + buf <<= 1; + + if (mode == 0 && i == 0) { + /* dummy operations */ + if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } + continue; + } + + if (mode == 0 && i == 1) { + mode = 1; + /* dummy operations */ + if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } + continue; + } + + if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; } + if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; } + } + + /* copy result out */ + if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; } + + /* map R back from projective space */ + if (map) { + err = ltc_ecc_map(R, modulus, mp); + } else { + err = CRYPT_OK; + } +done: + if (mu != NULL) { + mp_clear(mu); + } + mp_montgomery_free(mp); + ltc_ecc_del_point(tG); + for (i = 0; i < 3; i++) { + ltc_ecc_del_point(M[i]); + } + return err; +} + +#endif +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c,v $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/12/04 22:17:46 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_points.c b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c new file mode 100644 index 0000000..39f1321 --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c @@ -0,0 +1,60 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_points.c + ECC Crypto, Tom St Denis +*/ + +#ifdef MECC + +/** + Allocate a new ECC point + @return A newly allocated point or NULL on error +*/ +ecc_point *ltc_ecc_new_point(void) +{ + ecc_point *p; + p = XCALLOC(1, sizeof(*p)); + if (p == NULL) { + return NULL; + } + if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) { + XFREE(p); + return NULL; + } + return p; +} + +/** Free an ECC point from memory + @param p The point to free +*/ +void ltc_ecc_del_point(ecc_point *p) +{ + /* prevents free'ing null arguments */ + if (p != NULL) { + mp_clear_multi(p->x, p->y, p->z, NULL); /* note: p->z may be NULL but that's ok with this function anyways */ + XFREE(p); + } +} + +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_points.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/12/04 02:19:48 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c new file mode 100644 index 0000000..c8e359f --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c @@ -0,0 +1,196 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_projective_add_point.c + ECC Crypto, Tom St Denis +*/ + +#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC)) + +/** + Add two ECC points + @param P The point to add + @param Q The point to add + @param R [out] The destination of the double + @param modulus The modulus of the field the ECC curve is in + @param mp The "b" value from montgomery_setup() + @return CRYPT_OK on success +*/ +int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp) +{ + void *t1, *t2, *x, *y, *z; + int err; + + LTC_ARGCHK(P != NULL); + LTC_ARGCHK(Q != NULL); + LTC_ARGCHK(R != NULL); + LTC_ARGCHK(modulus != NULL); + LTC_ARGCHK(mp != NULL); + + if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) { + return err; + } + + /* should we dbl instead? */ + if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; } + + if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) && + (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) && + (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) { + mp_clear_multi(t1, t2, x, y, z, NULL); + return ltc_ecc_projective_dbl_point(P, R, modulus, mp); + } + + if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; } + + /* if Z is one then these are no-operations */ + if (Q->z != NULL) { + /* T1 = Z' * Z' */ + if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* X = X * T1 */ + if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } + /* T1 = Z' * T1 */ + if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* Y = Y * T1 */ + if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; } + } + + /* T1 = Z*Z */ + if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* T2 = X' * T1 */ + if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } + /* T1 = Z * T1 */ + if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* T1 = Y' * T1 */ + if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + + /* Y = Y - T1 */ + if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(y, 0) == LTC_MP_LT) { + if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } + } + /* T1 = 2T1 */ + if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; } + if (mp_cmp(t1, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } + } + /* T1 = Y + T1 */ + if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; } + if (mp_cmp(t1, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } + } + /* X = X - T2 */ + if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(x, 0) == LTC_MP_LT) { + if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; } + } + /* T2 = 2T2 */ + if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; } + if (mp_cmp(t2, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + /* T2 = X + T2 */ + if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; } + if (mp_cmp(t2, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + + /* if Z' != 1 */ + if (Q->z != NULL) { + /* Z = Z * Z' */ + if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; } + } + + /* Z = Z * X */ + if ((err = mp_mul(z, x, z)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; } + + /* T1 = T1 * X */ + if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* X = X * X */ + if ((err = mp_sqr(x, x)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } + /* T2 = T2 * x */ + if ((err = mp_mul(t2, x, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } + /* T1 = T1 * X */ + if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + + /* X = Y*Y */ + if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } + /* X = X - T2 */ + if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(x, 0) == LTC_MP_LT) { + if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; } + } + + /* T2 = T2 - X */ + if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(t2, 0) == LTC_MP_LT) { + if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + /* T2 = T2 - X */ + if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(t2, 0) == LTC_MP_LT) { + if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + /* T2 = T2 * Y */ + if ((err = mp_mul(t2, y, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } + /* Y = T2 - T1 */ + if ((err = mp_sub(t2, t1, y)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(y, 0) == LTC_MP_LT) { + if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } + } + /* Y = Y/2 */ + if (mp_isodd(y)) { + if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } + } + if ((err = mp_div_2(y, y)) != CRYPT_OK) { goto done; } + + if ((err = mp_copy(x, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(z, R->z)) != CRYPT_OK) { goto done; } + + err = CRYPT_OK; +done: + mp_clear_multi(t1, t2, x, y, z, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c,v $ */ +/* $Revision: 1.13 $ */ +/* $Date: 2006/12/04 05:07:59 $ */ + diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c new file mode 100644 index 0000000..f0b3e1d --- /dev/null +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c @@ -0,0 +1,147 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b + * + * All curves taken from NIST recommendation paper of July 1999 + * Available at http://csrc.nist.gov/cryptval/dss.htm + */ +#include "tomcrypt.h" + +/** + @file ltc_ecc_projective_dbl_point.c + ECC Crypto, Tom St Denis +*/ + +#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC)) + +/** + Double an ECC point + @param P The point to double + @param R [out] The destination of the double + @param modulus The modulus of the field the ECC curve is in + @param mp The "b" value from montgomery_setup() + @return CRYPT_OK on success +*/ +int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp) +{ + void *t1, *t2; + int err; + + LTC_ARGCHK(P != NULL); + LTC_ARGCHK(R != NULL); + LTC_ARGCHK(modulus != NULL); + LTC_ARGCHK(mp != NULL); + + if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { + return err; + } + + if (P != R) { + if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; } + } + + /* t1 = Z * Z */ + if ((err = mp_sqr(R->z, t1)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } + /* Z = Y * Z */ + if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK) { goto done; } + /* Z = 2Z */ + if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK) { goto done; } + if (mp_cmp(R->z, modulus) != LTC_MP_LT) { + if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; } + } + + /* T2 = X - T1 */ + if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(t2, 0) == LTC_MP_LT) { + if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + /* T1 = X + T1 */ + if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK) { goto done; } + if (mp_cmp(t1, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } + } + /* T2 = T1 * T2 */ + if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } + /* T1 = 2T2 */ + if ((err = mp_add(t2, t2, t1)) != CRYPT_OK) { goto done; } + if (mp_cmp(t1, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } + } + /* T1 = T1 + T2 */ + if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; } + if (mp_cmp(t1, modulus) != LTC_MP_LT) { + if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } + } + + /* Y = 2Y */ + if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; } + if (mp_cmp(R->y, modulus) != LTC_MP_LT) { + if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } + } + /* Y = Y * Y */ + if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } + /* T2 = Y * Y */ + if ((err = mp_sqr(R->y, t2)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } + /* T2 = T2/2 */ + if (mp_isodd(t2)) { + if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } + } + if ((err = mp_div_2(t2, t2)) != CRYPT_OK) { goto done; } + /* Y = Y * X */ + if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } + + /* X = T1 * T1 */ + if ((err = mp_sqr(t1, R->x)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK) { goto done; } + /* X = X - Y */ + if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(R->x, 0) == LTC_MP_LT) { + if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; } + } + /* X = X - Y */ + if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(R->x, 0) == LTC_MP_LT) { + if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; } + } + + /* Y = Y - X */ + if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { + if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } + } + /* Y = Y * T1 */ + if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK) { goto done; } + if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } + /* Y = Y - T2 */ + if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK) { goto done; } + if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { + if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } + } + + err = CRYPT_OK; +done: + mp_clear_multi(t1, t2, NULL); + return err; +} +#endif +/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c,v $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/12/04 05:07:59 $ */ + diff --git a/libtomcrypt/src/pk/katja/katja_decrypt_key.c b/libtomcrypt/src/pk/katja/katja_decrypt_key.c new file mode 100644 index 0000000..1e10d6c --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_decrypt_key.c @@ -0,0 +1,105 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_decrypt_key.c + Katja PKCS #1 OAEP Decryption, Tom St Denis +*/ + +#ifdef MKAT + +/** + (PKCS #1 v2.0) decrypt then OAEP depad + @param in The ciphertext + @param inlen The length of the ciphertext (octets) + @param out [out] The plaintext + @param outlen [in/out] The max size and resulting size of the plaintext (octets) + @param lparam The system "lparam" value + @param lparamlen The length of the lparam value (octets) + @param hash_idx The index of the hash desired + @param stat [out] Result of the decryption, 1==valid, 0==invalid + @param key The corresponding private Katja key + @return CRYPT_OK if succcessul (even if invalid) +*/ +int katja_decrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + int hash_idx, int *stat, + katja_key *key) +{ + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmp; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); + + /* default to invalid */ + *stat = 0; + + /* valid hash ? */ + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits( (key->N)); + + /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */ + modulus_bitlen = ((modulus_bitlen << 1) / 3); + + /* round down to next byte */ + modulus_bitlen -= (modulus_bitlen & 7) + 8; + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size( (key->N)); + if (modulus_bytelen != inlen) { + return CRYPT_INVALID_PACKET; + } + + /* allocate ram */ + tmp = XMALLOC(inlen); + if (tmp == NULL) { + return CRYPT_MEM; + } + + /* rsa decode the packet */ + x = inlen; + if ((err = katja_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { + XFREE(tmp); + return err; + } + + /* shift right by modulus_bytelen - modulus_bitlen/8 bytes */ + for (x = 0; x < (modulus_bitlen >> 3); x++) { + tmp[x] = tmp[x+(modulus_bytelen-(modulus_bitlen>>3))]; + } + + /* now OAEP decode the packet */ + err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx, + out, outlen, stat); + + XFREE(tmp); + return err; +} + +#endif /* MRSA */ + + + + + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_decrypt_key.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_encrypt_key.c b/libtomcrypt/src/pk/katja/katja_encrypt_key.c new file mode 100644 index 0000000..ce93356 --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_encrypt_key.c @@ -0,0 +1,87 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_encrypt_key.c + Katja PKCS-style OAEP encryption, Tom St Denis +*/ + +#ifdef MKAT + +/** + (PKCS #1 v2.0) OAEP pad then encrypt + @param in The plaintext + @param inlen The length of the plaintext (octets) + @param out [out] The ciphertext + @param outlen [in/out] The max size and resulting size of the ciphertext + @param lparam The system "lparam" for the encryption + @param lparamlen The length of lparam (octets) + @param prng An active PRNG + @param prng_idx The index of the desired prng + @param hash_idx The index of the desired hash + @param key The Katja key to encrypt to + @return CRYPT_OK if successful +*/ +int katja_encrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + prng_state *prng, int prng_idx, int hash_idx, katja_key *key) +{ + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* valid prng and hash ? */ + if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { + return err; + } + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((key->N)); + + /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */ + modulus_bitlen = ((modulus_bitlen << 1) / 3); + + /* round down to next byte */ + modulus_bitlen -= (modulus_bitlen & 7) + 8; + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((key->N)); + if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; + return CRYPT_BUFFER_OVERFLOW; + } + + /* OAEP pad the key */ + x = *outlen; + if ((err = pkcs_1_oaep_encode(in, inlen, lparam, + lparamlen, modulus_bitlen, prng, prng_idx, hash_idx, + out, &x)) != CRYPT_OK) { + return err; + } + + /* Katja exptmod the OAEP pad */ + return katja_exptmod(out, x, out, outlen, PK_PUBLIC, key); +} + +#endif /* MRSA */ + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_encrypt_key.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_export.c b/libtomcrypt/src/pk/katja/katja_export.c new file mode 100644 index 0000000..9e55654 --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_export.c @@ -0,0 +1,75 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_export.c + Export Katja PKCS-style keys, Tom St Denis +*/ + +#ifdef MKAT + +/** + This will export either an KatjaPublicKey or KatjaPrivateKey + @param out [out] Destination of the packet + @param outlen [in/out] The max size and resulting size of the packet + @param type The type of exported key (PK_PRIVATE or PK_PUBLIC) + @param key The Katja key to export + @return CRYPT_OK if successful +*/ +int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key) +{ + int err; + unsigned long zero=0; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* type valid? */ + if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { + return CRYPT_PK_INVALID_TYPE; + } + + if (type == PK_PRIVATE) { + /* private key */ + /* output is + Version, n, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p, pq + */ + if ((err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->dP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_INTEGER, 1UL, key->pq, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + return err; + } + + /* clear zero and return */ + return CRYPT_OK; + } else { + /* public key */ + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_EOL, 0UL, NULL); + } +} + +#endif /* MRSA */ + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_export.c,v $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_exptmod.c b/libtomcrypt/src/pk/katja/katja_exptmod.c new file mode 100644 index 0000000..8cc47d8 --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_exptmod.c @@ -0,0 +1,115 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_exptmod.c + Katja PKCS-style exptmod, Tom St Denis +*/ + +#ifdef MKAT + +/** + Compute an RSA modular exponentiation + @param in The input data to send into RSA + @param inlen The length of the input (octets) + @param out [out] The destination + @param outlen [in/out] The max size and resulting size of the output + @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC + @param key The RSA key to use + @return CRYPT_OK if successful +*/ +int katja_exptmod(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, int which, + katja_key *key) +{ + void *tmp, *tmpa, *tmpb; + unsigned long x; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* is the key of the right type for the operation? */ + if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* must be a private or public operation */ + if (which != PK_PRIVATE && which != PK_PUBLIC) { + return CRYPT_PK_INVALID_TYPE; + } + + /* init and copy into tmp */ + if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; } + if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; } + + /* sanity check on the input */ + if (mp_cmp(key->N, tmp) == LTC_MP_LT) { + err = CRYPT_PK_INVALID_SIZE; + goto done; + } + + /* are we using the private exponent and is the key optimized? */ + if (which == PK_PRIVATE) { + /* tmpa = tmp^dP mod p */ + if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; } + + /* tmpb = tmp^dQ mod q */ + if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; } + + /* tmp = (tmpa - tmpb) * qInv (mod p) */ + if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; } + if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; } + + /* tmp = tmpb + q * tmp */ + if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; } + if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; } + } else { + /* exptmod it */ + if ((err = mp_exptmod(tmp, key->N, key->N, tmp)) != CRYPT_OK) { goto error; } + } + + /* read it back */ + x = (unsigned long)mp_unsigned_bin_size(key->N); + if (x > *outlen) { + *outlen = x; + err = CRYPT_BUFFER_OVERFLOW; + goto done; + } + + /* this should never happen ... */ + if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) { + err = CRYPT_ERROR; + goto done; + } + *outlen = x; + + /* convert it */ + zeromem(out, x); + if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; } + + /* clean up and return */ + err = CRYPT_OK; + goto done; +error: +done: + mp_clear_multi(tmp, tmpa, tmpb, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_exptmod.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_free.c b/libtomcrypt/src/pk/katja/katja_free.c new file mode 100644 index 0000000..8aed3fb --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_free.c @@ -0,0 +1,35 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_free.c + Free an Katja key, Tom St Denis +*/ + +#ifdef MKAT + +/** + Free an Katja key from memory + @param key The RSA key to free +*/ +void katja_free(katja_key *key) +{ + LTC_ARGCHK(key != NULL); + mp_clear_multi( key->d, key->N, key->dQ, key->dP, + key->qP, key->p, key->q, key->pq, NULL); +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_free.c,v $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_import.c b/libtomcrypt/src/pk/katja/katja_import.c new file mode 100644 index 0000000..efdbe07 --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_import.c @@ -0,0 +1,81 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_import.c + Import a PKCS-style Katja key, Tom St Denis +*/ + +#ifdef MKAT + +/** + Import an KatjaPublicKey or KatjaPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] + @param in The packet to import from + @param inlen It's length (octets) + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key) +{ + int err; + void *zero; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + if ((err = mp_init_multi(&zero, &key->d, &key->N, &key->dQ, + &key->dP, &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) { + return err; + } + + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { + /* it's a private key */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, zero, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->dP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_INTEGER, 1UL, key->pq, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + key->type = PK_PRIVATE; + } else { + /* public we have N */ + key->type = PK_PUBLIC; + } + mp_clear(zero); + return CRYPT_OK; +LBL_ERR: + mp_clear_multi(zero, key->d, key->N, key->dQ, key->dP, + key->qP, key->p, key->q, key->pq, NULL); + return err; +} + +#endif /* MRSA */ + + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_import.c,v $ */ +/* $Revision: 1.3 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/katja/katja_make_key.c b/libtomcrypt/src/pk/katja/katja_make_key.c new file mode 100644 index 0000000..08016c8 --- /dev/null +++ b/libtomcrypt/src/pk/katja/katja_make_key.c @@ -0,0 +1,101 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** + @file katja_make_key.c + Katja key generation, Tom St Denis +*/ + +#ifdef MKAT + +/** + Create a Katja key + @param prng An active PRNG state + @param wprng The index of the PRNG desired + @param size The size of the modulus (key size) desired (octets) + @param key [out] Destination of a newly created private key pair + @return CRYPT_OK if successful, upon error all allocated ram is freed +*/ +int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key) +{ + void *p, *q, *tmp1, *tmp2; + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if ((size < (MIN_KAT_SIZE/8)) || (size > (MAX_KAT_SIZE/8))) { + return CRYPT_INVALID_KEYSIZE; + } + + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; + } + + if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, NULL)) != CRYPT_OK) { + return err; + } + + /* divide size by three */ + size = (((size << 3) / 3) + 7) >> 3; + + /* make prime "q" (we negate size to make q == 3 mod 4) */ + if ((err = rand_prime(q, -size, prng, wprng)) != CRYPT_OK) { goto done; } + if ((err = mp_sub_d(q, 1, tmp1)) != CRYPT_OK) { goto done; } + + /* make prime "p" */ + do { + if ((err = rand_prime(p, size+1, prng, wprng)) != CRYPT_OK) { goto done; } + if ((err = mp_gcd(p, tmp1, tmp2)) != CRYPT_OK) { goto done; } + } while (mp_cmp_d(tmp2, 1) != LTC_MP_EQ); + + /* make key */ + if ((err = mp_init_multi(&key->d, &key->N, &key->dQ, &key->dP, + &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) { + goto error; + } + + /* n=p^2q and 1/n mod pq */ + if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto error2; } + if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto error2; } + if ((err = mp_mul(key->p, key->q, key->pq)) != CRYPT_OK) { goto error2; } /* tmp1 = pq */ + if ((err = mp_mul(key->pq, key->p, key->N)) != CRYPT_OK) { goto error2; } /* N = p^2q */ + if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto error2; } /* tmp1 = q-1 */ + if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto error2; } /* tmp2 = p-1 */ + if ((err = mp_lcm(tmp1, tmp2, key->d)) != CRYPT_OK) { goto error2; } /* tmp1 = lcd(p-1,q-1) */ + if ((err = mp_invmod( key->N, key->d, key->d)) != CRYPT_OK) { goto error2; } /* key->d = 1/N mod pq */ + + /* optimize for CRT now */ + /* find d mod q-1 and d mod p-1 */ + if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto error2; } /* dP = d mod p-1 */ + if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto error2; } /* dQ = d mod q-1 */ + if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto error2; } /* qP = 1/q mod p */ + + /* set key type (in this case it's CRT optimized) */ + key->type = PK_PRIVATE; + + /* return ok and free temps */ + err = CRYPT_OK; + goto done; +error2: + mp_clear_multi( key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, key->pq, NULL); +error: +done: + mp_clear_multi( tmp2, tmp1, p, q, NULL); + return err; +} + +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_make_key.c,v $ */ +/* $Revision: 1.10 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/packet_store_header.c b/libtomcrypt/src/pk/packet_store_header.c deleted file mode 100644 index 855ca70..0000000 --- a/libtomcrypt/src/pk/packet_store_header.c +++ /dev/null @@ -1,33 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ -#include "tomcrypt.h" - -#ifdef PACKET - -void packet_store_header(unsigned char *dst, int section, int subsection) -{ - LTC_ARGCHK(dst != NULL); - - /* store version number */ - dst[0] = (unsigned char)(CRYPT&255); - dst[1] = (unsigned char)((CRYPT>>8)&255); - - /* store section and subsection */ - dst[2] = (unsigned char)(section & 255); - dst[3] = (unsigned char)(subsection & 255); - -} - -#endif - -/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_store_header.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ diff --git a/libtomcrypt/src/pk/packet_valid_header.c b/libtomcrypt/src/pk/packet_valid_header.c deleted file mode 100644 index 59db0f7..0000000 --- a/libtomcrypt/src/pk/packet_valid_header.c +++ /dev/null @@ -1,41 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ -#include "tomcrypt.h" - -#ifdef PACKET - -int packet_valid_header(unsigned char *src, int section, int subsection) -{ - unsigned long ver; - - LTC_ARGCHK(src != NULL); - - /* check version */ - ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U); - if (CRYPT < ver) { - return CRYPT_INVALID_PACKET; - } - - /* check section and subsection */ - if (section != (int)src[2] || subsection != (int)src[3]) { - return CRYPT_INVALID_PACKET; - } - - return CRYPT_OK; -} - -#endif - - - -/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_valid_header.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c index 3e68eb8..4a39bd5 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -28,9 +28,8 @@ @param out [out] The destination for the integer @return CRYPT_OK if successful */ -int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out) +int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out) { - int err; unsigned long size; size = mp_unsigned_bin_size(n); @@ -41,15 +40,12 @@ int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out) /* store it */ zeromem(out, modulus_len); - if ((err = mp_to_unsigned_bin(n, out+(modulus_len-size))) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - return CRYPT_OK; + return mp_to_unsigned_bin(n, out+(modulus_len-size)); } #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c index aac7494..bfc80bd 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -26,8 +26,8 @@ @param masklen The length of the mask desired @return CRYPT_OK if successful */ -int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen, - int hash_idx, +int pkcs_1_mgf1(int hash_idx, + const unsigned char *seed, unsigned long seedlen, unsigned char *mask, unsigned long masklen) { unsigned long hLen, x; @@ -104,5 +104,5 @@ LBL_ERR: #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c index cd4931b..e70a016 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -101,7 +101,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, x += modulus_len - hLen - 1; /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { goto LBL_ERR; } @@ -111,7 +111,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, } /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { goto LBL_ERR; } @@ -136,7 +136,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, } /* compare the lhash'es */ - if (memcmp(seed, DB, hLen) != 0) { + if (XMEMCMP(seed, DB, hLen) != 0) { err = CRYPT_OK; goto LBL_ERR; } @@ -148,18 +148,19 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, /* error out if wasn't 0x01 */ if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { - err = CRYPT_OK; + err = CRYPT_INVALID_PACKET; goto LBL_ERR; } /* rest is the message (and skip 0x01) */ - if ((modulus_len - hLen - 1) - ++x > *outlen) { + if ((modulus_len - hLen - 1 - ++x) > *outlen) { + *outlen = modulus_len - hLen - 1 - x; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } /* copy message */ - *outlen = (modulus_len - hLen - 1) - x; + *outlen = modulus_len - hLen - 1 - x; XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); x += modulus_len - hLen - 1; @@ -184,5 +185,5 @@ LBL_ERR: #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2005/06/18 02:37:06 $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/11/01 09:28:17 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c index 12670b5..99e1ac6 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -114,7 +114,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, } /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { goto LBL_ERR; } @@ -124,7 +124,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, } /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { goto LBL_ERR; } @@ -135,6 +135,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, /* create string of length modulus_len */ if (*outlen < modulus_len) { + *outlen = modulus_len; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } @@ -168,5 +169,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c index a9a1858..563ae8d 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -23,19 +23,14 @@ @param inlen The length of the binary string @return CRYPT_OK if successful */ -int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen) +int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen) { - int err; - /* read it */ - if ((err = mp_read_unsigned_bin(n, in, inlen)) != MP_OKAY) { - return mpi_to_ltc_error(err); - } - return CRYPT_OK; + return mp_read_unsigned_bin(n, in, inlen); } #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c index e61c33f..2c16d50 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -82,7 +82,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, /* ensure the 0xBC byte */ if (sig[siglen-1] != 0xBC) { - err = CRYPT_OK; + err = CRYPT_INVALID_PACKET; goto LBL_ERR; } @@ -97,12 +97,12 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, /* check the MSB */ if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { - err = CRYPT_OK; + err = CRYPT_INVALID_PACKET; goto LBL_ERR; } /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { goto LBL_ERR; } @@ -119,14 +119,14 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, /* check for zeroes and 0x01 */ for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { if (DB[x] != 0x00) { - err = CRYPT_OK; + err = CRYPT_INVALID_PACKET; goto LBL_ERR; } } /* check for the 0x01 */ if (DB[x++] != 0x01) { - err = CRYPT_OK; + err = CRYPT_INVALID_PACKET; goto LBL_ERR; } @@ -149,7 +149,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, } /* mask == hash means valid signature */ - if (memcmp(mask, hash, hLen) == 0) { + if (XMEMCMP(mask, hash, hLen) == 0) { *res = 1; } @@ -173,5 +173,5 @@ LBL_ERR: #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/11/30 02:37:21 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c index 899605c..64bd312 100644 --- a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -118,7 +118,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, x += saltlen; /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { + if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { goto LBL_ERR; } @@ -129,6 +129,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, /* output is DB || hash || 0xBC */ if (*outlen < modulus_len) { + *outlen = modulus_len; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } @@ -170,5 +171,5 @@ LBL_ERR: #endif /* PKCS_1 */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/06/16 21:53:41 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c new file mode 100644 index 0000000..b0a7c2d --- /dev/null +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c @@ -0,0 +1,110 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/** @file pkcs_1_v1_5_decode.c + * + * PKCS #1 v1.5 Padding. (Andreas Lange) + */ + +#ifdef PKCS_1 + +/** @brief PKCS #1 v1.5 decode. + * + * @param msg The encoded data to decode + * @param msglen The length of the encoded data (octets) + * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks) + * @param modulus_bitlen The bit length of the RSA modulus + * @param out [out] Destination of decoding + * @param outlen [in/out] The max size and resulting size of the decoding + * @param is_valid [out] Boolean whether the padding was valid + * + * @return CRYPT_OK if successful (even if invalid) + */ +int pkcs_1_v1_5_decode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, + unsigned long *outlen, + int *is_valid) +{ + unsigned long modulus_len, ps_len, i; + int result; + + /* default to invalid packet */ + *is_valid = 0; + + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test message size */ + + if ((msglen > modulus_len) || (modulus_len < 11)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* separate encoded message */ + + if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { + result = CRYPT_INVALID_PACKET; + goto bail; + } + + if (block_type == LTC_PKCS_1_EME) { + for (i = 2; i < modulus_len; i++) { + /* separator */ + if (msg[i] == 0x00) { break; } + } + ps_len = i++ - 2; + + if ((i >= modulus_len) || (ps_len < 8)) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m, + * or the length of ps is less than 8 octets. + */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + } else { + for (i = 2; i < modulus_len - 1; i++) { + if (msg[i] != 0xFF) { break; } + } + + /* separator check */ + if (msg[i] != 0) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + + ps_len = i - 2; + } + + if (*outlen < (msglen - (2 + ps_len + 1))) { + *outlen = msglen - (2 + ps_len + 1); + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } + + *outlen = (msglen - (2 + ps_len + 1)); + XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); + + /* valid packet */ + *is_valid = 1; + result = CRYPT_OK; +bail: + return result; +} /* pkcs_1_v1_5_decode */ + +#endif /* #ifdef PKCS_1 */ + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c,v $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/12/16 17:41:21 $ */ diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c new file mode 100644 index 0000000..7edd1e6 --- /dev/null +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c @@ -0,0 +1,111 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ +#include "tomcrypt.h" + +/*! \file pkcs_1_v1_5_encode.c + * + * PKCS #1 v1.5 Padding (Andreas Lange) + */ + +#ifdef PKCS_1 + +/*! \brief PKCS #1 v1.5 encode. + * + * \param msg The data to encode + * \param msglen The length of the data to encode (octets) + * \param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks) + * \param modulus_bitlen The bit length of the RSA modulus + * \param prng An active PRNG state (only for LTC_PKCS_1_EME) + * \param prng_idx The index of the PRNG desired (only for LTC_PKCS_1_EME) + * \param out [out] The destination for the encoded data + * \param outlen [in/out] The max size and resulting size of the encoded data + * + * \return CRYPT_OK if successful + */ +int pkcs_1_v1_5_encode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + prng_state *prng, + int prng_idx, + unsigned char *out, + unsigned long *outlen) +{ + unsigned long modulus_len, ps_len, i; + unsigned char *ps; + int result; + + /* valid block_type? */ + if ((block_type != LTC_PKCS_1_EMSA) && + (block_type != LTC_PKCS_1_EME)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (block_type == LTC_PKCS_1_EME) { /* encryption padding, we need a valid PRNG */ + if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) { + return result; + } + } + + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test message size */ + if ((msglen + 11) > modulus_len) { + return CRYPT_PK_INVALID_SIZE; + } + + if (*outlen < modulus_len) { + *outlen = modulus_len; + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } + + /* generate an octets string PS */ + ps = &out[2]; + ps_len = modulus_len - msglen - 3; + + if (block_type == LTC_PKCS_1_EME) { + /* now choose a random ps */ + if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) { + result = CRYPT_ERROR_READPRNG; + goto bail; + } + + /* transform zero bytes (if any) to non-zero random bytes */ + for (i = 0; i < ps_len; i++) { + while (ps[i] == 0) { + if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) { + result = CRYPT_ERROR_READPRNG; + goto bail; + } + } + } + } else { + XMEMSET(ps, 0xFF, ps_len); + } + + /* create string of length modulus_len */ + out[0] = 0x00; + out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ + out[2 + ps_len] = 0x00; + XMEMCPY(&out[2 + ps_len + 1], msg, msglen); + *outlen = modulus_len; + + result = CRYPT_OK; +bail: + return result; +} /* pkcs_1_v1_5_encode */ + +#endif /* #ifdef PKCS_1 */ + +/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c,v $ */ +/* $Revision: 1.2 $ */ +/* $Date: 2006/11/01 09:12:06 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c b/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c index 7cea807..3dce20f 100644 --- a/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c +++ b/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c @@ -6,19 +6,19 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" /** @file rsa_decrypt_key.c - RSA PKCS #1 OAEP Decryption, Tom St Denis -*/ + RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange +*/ #ifdef MRSA /** - (PKCS #1 v2.0) decrypt then OAEP depad + PKCS #1 decrypt then v1.5 or OAEP depad @param in The ciphertext @param inlen The length of the ciphertext (octets) @param out [out] The plaintext @@ -26,20 +26,21 @@ @param lparam The system "lparam" value @param lparamlen The length of the lparam value (octets) @param hash_idx The index of the hash desired + @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5) @param stat [out] Result of the decryption, 1==valid, 0==invalid @param key The corresponding private RSA key @return CRYPT_OK if succcessul (even if invalid) */ -int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - int hash_idx, int *stat, - rsa_key *key) +int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + int hash_idx, int padding, + int *stat, rsa_key *key) { unsigned long modulus_bitlen, modulus_bytelen, x; int err; unsigned char *tmp; - + LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); @@ -48,16 +49,25 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, /* default to invalid */ *stat = 0; - /* valid hash ? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; + /* valid padding? */ + + if ((padding != LTC_PKCS_1_V1_5) && + (padding != LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; } - + + if (padding == LTC_PKCS_1_OAEP) { + /* valid hash ? */ + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } + } + /* get modulus len in bits */ - modulus_bitlen = mp_count_bits(&(key->N)); + modulus_bitlen = mp_count_bits( (key->N)); /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size(&(key->N)); + modulus_bytelen = mp_unsigned_bin_size( (key->N)); if (modulus_bytelen != inlen) { return CRYPT_INVALID_PACKET; } @@ -70,24 +80,26 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, /* rsa decode the packet */ x = inlen; - if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { + if ((err = ltc_mp.rsa_me(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { XFREE(tmp); return err; } - /* now OAEP decode the packet */ - err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx, - out, outlen, stat); + if (padding == LTC_PKCS_1_OAEP) { + /* now OAEP decode the packet */ + err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx, + out, outlen, stat); + } else { + /* now PKCS #1 v1.5 depad the packet */ + err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat); + } + XFREE(tmp); return err; } #endif /* MRSA */ - - - - /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/11/01 09:18:22 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c b/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c index d29aa83..8d2c228 100644 --- a/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c +++ b/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c @@ -6,14 +6,14 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" /** @file rsa_encrypt_key.c - RSA PKCS OAEP encryption, Tom St Denis -*/ + RSA PKCS #1 encryption, Tom St Denis and Andreas Lange +*/ #ifdef MRSA @@ -28,53 +28,75 @@ @param prng An active PRNG @param prng_idx The index of the desired prng @param hash_idx The index of the desired hash + @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5) @param key The RSA key to encrypt to @return CRYPT_OK if successful -*/ -int rsa_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - prng_state *prng, int prng_idx, int hash_idx, rsa_key *key) +*/ +int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key) { unsigned long modulus_bitlen, modulus_bytelen, x; int err; - + LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); - - /* valid prng and hash ? */ + + /* valid padding? */ + if ((padding != LTC_PKCS_1_V1_5) && + (padding != LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; + } + + /* valid prng? */ if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { return err; } - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; + + if (padding == LTC_PKCS_1_OAEP) { + /* valid hash? */ + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } } - + /* get modulus len in bits */ - modulus_bitlen = mp_count_bits(&(key->N)); + modulus_bitlen = mp_count_bits( (key->N)); /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size(&(key->N)); + modulus_bytelen = mp_unsigned_bin_size( (key->N)); if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; return CRYPT_BUFFER_OVERFLOW; } - - /* OAEP pad the key */ - x = *outlen; - if ((err = pkcs_1_oaep_encode(in, inlen, lparam, - lparamlen, modulus_bitlen, prng, prng_idx, hash_idx, - out, &x)) != CRYPT_OK) { - return err; - } - /* rsa exptmod the OAEP pad */ - return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key); + if (padding == LTC_PKCS_1_OAEP) { + /* OAEP pad the key */ + x = *outlen; + if ((err = pkcs_1_oaep_encode(in, inlen, lparam, + lparamlen, modulus_bitlen, prng, prng_idx, hash_idx, + out, &x)) != CRYPT_OK) { + return err; + } + } else { + /* PKCS #1 v1.5 pad the key */ + x = *outlen; + if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME, + modulus_bitlen, prng, prng_idx, + out, &x)) != CRYPT_OK) { + return err; + } + } + + /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */ + return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key); } #endif /* MRSA */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/11/01 09:18:22 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_export.c b/libtomcrypt/src/pk/rsa/rsa_export.c index f2e324d..5b389ec 100644 --- a/libtomcrypt/src/pk/rsa/rsa_export.c +++ b/libtomcrypt/src/pk/rsa/rsa_export.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -27,9 +27,7 @@ */ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) { - int err; unsigned long zero=0; - LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); @@ -44,27 +42,22 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key /* output is Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p */ - if ((err = der_encode_sequence_multi(out, outlen, + return der_encode_sequence_multi(out, outlen, LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - LTC_ASN1_INTEGER, 1UL, &key->qP, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - return err; - } - - /* clear zero and return */ - return CRYPT_OK; + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->dP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_EOL, 0UL, NULL); } else { /* public key */ return der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL); } } @@ -72,5 +65,5 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key #endif /* MRSA */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_export.c,v $ */ -/* $Revision: 1.11 $ */ -/* $Date: 2005/06/04 01:42:48 $ */ +/* $Revision: 1.15 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_exptmod.c b/libtomcrypt/src/pk/rsa/rsa_exptmod.c index 379404c..53dbf6b 100644 --- a/libtomcrypt/src/pk/rsa/rsa_exptmod.c +++ b/libtomcrypt/src/pk/rsa/rsa_exptmod.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -31,7 +31,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, int which, rsa_key *key) { - mp_int tmp, tmpa, tmpb; + void *tmp, *tmpa, *tmpb; unsigned long x; int err; @@ -39,7 +39,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); - + /* is the key of the right type for the operation? */ if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { return CRYPT_PK_NOT_PRIVATE; @@ -51,65 +51,63 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, } /* init and copy into tmp */ - if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; } + if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; } + if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; } /* sanity check on the input */ - if (mp_cmp(&key->N, &tmp) == MP_LT) { + if (mp_cmp(key->N, tmp) == LTC_MP_LT) { err = CRYPT_PK_INVALID_SIZE; - goto done; + goto error; } /* are we using the private exponent and is the key optimized? */ if (which == PK_PRIVATE) { /* tmpa = tmp^dP mod p */ - if ((err = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != MP_OKAY) { goto error; } + if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; } /* tmpb = tmp^dQ mod q */ - if ((err = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != MP_OKAY) { goto error; } + if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; } /* tmp = (tmpa - tmpb) * qInv (mod p) */ - if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; } - if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; } + if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; } /* tmp = tmpb + q * tmp */ - if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; } - if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; } + if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; } } else { /* exptmod it */ - if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; } } /* read it back */ - x = (unsigned long)mp_unsigned_bin_size(&key->N); + x = (unsigned long)mp_unsigned_bin_size(key->N); if (x > *outlen) { + *outlen = x; err = CRYPT_BUFFER_OVERFLOW; - goto done; + goto error; } /* this should never happen ... */ - if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) { + if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) { err = CRYPT_ERROR; - goto done; + goto error; } *outlen = x; /* convert it */ zeromem(out, x); - if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != MP_OKAY) { goto error; } + if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; } /* clean up and return */ err = CRYPT_OK; - goto done; error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&tmp, &tmpa, &tmpb, NULL); + mp_clear_multi(tmp, tmpa, tmpb, NULL); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_exptmod.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/06/23 02:10:22 $ */ +/* $Revision: 1.16 $ */ +/* $Date: 2006/12/04 03:09:28 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_free.c b/libtomcrypt/src/pk/rsa/rsa_free.c index 69eeaec..f48976a 100644 --- a/libtomcrypt/src/pk/rsa/rsa_free.c +++ b/libtomcrypt/src/pk/rsa/rsa_free.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -23,13 +23,12 @@ */ void rsa_free(rsa_key *key) { - LTC_ARGCHK(key != NULL); - mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, - &key->qP, &key->p, &key->q, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(key->e, key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_free.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/12/04 22:23:27 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_import.c b/libtomcrypt/src/pk/rsa/rsa_import.c index 5706134..7b12fd9 100644 --- a/libtomcrypt/src/pk/rsa/rsa_import.c +++ b/libtomcrypt/src/pk/rsa/rsa_import.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -27,60 +27,111 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; - mp_int zero; + void *zero; + unsigned char *tmpbuf; + unsigned long t, x, y, z, tmpoid[16]; + ltc_asn1_list ssl_pubkey_hashoid[2]; + ltc_asn1_list ssl_pubkey[2]; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ, - &key->dP, &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { + return err; } + /* see if the OpenSSL DER format RSA public key will work */ + tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + /* this includes the internal hash ID and optional params (NULL in this case) */ + LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); + LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); + + /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it + then proceed to convert bit to octet + */ + LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2); + LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); + + if (der_decode_sequence(in, inlen, + ssl_pubkey, 2UL) == CRYPT_OK) { + + /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */ + for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) { + y = (y << 1) | tmpbuf[x]; + if (++z == 8) { + tmpbuf[t++] = (unsigned char)y; + y = 0; + z = 0; + } + } + + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + if ((err = der_decode_sequence_multi(tmpbuf, t, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + XFREE(tmpbuf); + goto LBL_ERR; + } + XFREE(tmpbuf); + key->type = PK_PUBLIC; + return CRYPT_OK; + } + XFREE(tmpbuf); + + /* not SSL public key, try to match against PKCS #1 standards */ if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, + LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } - if (mp_cmp_d(&key->N, 0) == MP_EQ) { + if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { + if ((err = mp_init(&zero)) != CRYPT_OK) { + goto LBL_ERR; + } /* it's a private key */ if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - LTC_ASN1_INTEGER, 1UL, &key->qP, + LTC_ASN1_INTEGER, 1UL, zero, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->dP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + mp_clear(zero); goto LBL_ERR; } + mp_clear(zero); key->type = PK_PRIVATE; - } else if (mp_cmp_d(&key->N, 1) == MP_EQ) { + } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) { /* we don't support multi-prime RSA */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } else { /* it's a public key and we lack e */ if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } - - /* free up some ram */ - mp_clear_multi(&key->p, &key->q, &key->qP, &key->dP, &key->dQ, NULL); key->type = PK_PUBLIC; } return CRYPT_OK; LBL_ERR: - mp_clear_multi(&zero, &key->d, &key->e, &key->N, &key->dQ, &key->dP, - &key->qP, &key->p, &key->q, NULL); + mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); return err; } @@ -88,5 +139,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_import.c,v $ */ -/* $Revision: 1.10 $ */ -/* $Date: 2005/06/03 18:48:28 $ */ +/* $Revision: 1.21 $ */ +/* $Date: 2006/12/04 22:23:27 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_make_key.c b/libtomcrypt/src/pk/rsa/rsa_make_key.c index d874106..bd2a29b 100644 --- a/libtomcrypt/src/pk/rsa/rsa_make_key.c +++ b/libtomcrypt/src/pk/rsa/rsa_make_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -28,10 +28,11 @@ */ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) { - mp_int p, q, tmp1, tmp2, tmp3; + void *p, *q, *tmp1, *tmp2, *tmp3; int err; - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(key != NULL); if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { return CRYPT_INVALID_KEYSIZE; @@ -45,81 +46,67 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) return err; } - if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); + if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { + return err; } /* make primes p and q (optimization provided by Wayne Scott) */ - if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */ + if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { goto errkey; } /* tmp3 = e */ /* make prime "p" */ do { - if ((err = rand_prime(&p, size*4, prng, wprng)) != CRYPT_OK) { goto done; } - if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */ - if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */ - } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */ + if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; } + if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */ + if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(p-1, e) */ + } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides p-1 */ /* make prime "q" */ do { - if ((err = rand_prime(&q, size*4, prng, wprng)) != CRYPT_OK) { goto done; } - if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */ - if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */ - } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */ + if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; } + if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ + if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(q-1, e) */ + } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides q-1 */ /* tmp1 = lcm(p-1, q-1) */ - if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */ - /* tmp1 = q-1 (previous do/while loop) */ - if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */ + if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ + /* tmp1 = q-1 (previous do/while loop) */ + if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = lcm(p-1, q-1) */ /* make key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, - &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) { - goto error; + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { + goto errkey; } - if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */ - if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */ - if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */ + if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */ + if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */ + if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */ /* optimize for CRT now */ /* find d mod q-1 and d mod p-1 */ - if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */ - if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */ - if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */ - if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */ - if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */ - - if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; } - if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; } - - /* shrink ram required */ - if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; } + if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ + if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ + if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */ + if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */ + if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */ + + if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto errkey; } + if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto errkey; } /* set key type (in this case it's CRT optimized) */ key->type = PK_PRIVATE; /* return ok and free temps */ err = CRYPT_OK; - goto done; -error2: - mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, - &key->qP, &key->p, &key->q, NULL); -error: - err = mpi_to_ltc_error(err); -done: - mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); + goto cleanup; +errkey: + mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); +cleanup: + mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_make_key.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.14 $ */ +/* $Date: 2006/12/04 22:23:27 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_sign_hash.c b/libtomcrypt/src/pk/rsa/rsa_sign_hash.c index d31bda3..f10a97a 100644 --- a/libtomcrypt/src/pk/rsa/rsa_sign_hash.c +++ b/libtomcrypt/src/pk/rsa/rsa_sign_hash.c @@ -6,23 +6,24 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" /** @file rsa_sign_hash.c - RSA PKCS v2 PSS sign hash, Tom St Denis -*/ + RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange +*/ #ifdef MRSA /** - (PKCS #1, v2.0) PSS pad then sign + PKCS #1 pad then sign @param in The hash to sign @param inlen The length of the hash to sign (octets) @param out [out] The signature - @param outlen [in/out] The max size and resulting size of the signature + @param outlen [in/out] The max size and resulting size of the signature + @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5) @param prng An active PRNG state @param prng_idx The index of the PRNG desired @param hash_idx The index of the hash desired @@ -30,50 +31,104 @@ @param key The private RSA key to use @return CRYPT_OK if successful */ -int rsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int prng_idx, - int hash_idx, unsigned long saltlen, - rsa_key *key) +int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int padding, + prng_state *prng, int prng_idx, + int hash_idx, unsigned long saltlen, + rsa_key *key) { - unsigned long modulus_bitlen, modulus_bytelen, x; + unsigned long modulus_bitlen, modulus_bytelen, x, y; int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* valid prng and hash ? */ - if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { - return err; - } - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits(&(key->N)); + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* valid padding? */ + if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_PKCS_1_PSS) { + /* valid prng and hash ? */ + if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { + return err; + } + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((key->N)); /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size(&(key->N)); + modulus_bytelen = mp_unsigned_bin_size((key->N)); if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; return CRYPT_BUFFER_OVERFLOW; } - - /* PSS pad the key */ - x = *outlen; - if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx, - hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) { - return err; + + if (padding == LTC_PKCS_1_PSS) { + /* PSS pad the key */ + x = *outlen; + if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx, + hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) { + return err; + } + } else { + /* PKCS #1 v1.5 pad the hash */ + unsigned char *tmpin; + ltc_asn1_list digestinfo[2], siginfo[2]; + + /* not all hashes have OIDs... so sad */ + if (hash_descriptor[hash_idx].OIDlen == 0) { + return CRYPT_INVALID_ARG; + } + + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); + + /* allocate memory for the encoding */ + y = mp_unsigned_bin_size(key->N); + tmpin = XMALLOC(y); + if (tmpin == NULL) { + return CRYPT_MEM; + } + + if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + + x = *outlen; + if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA, + modulus_bitlen, NULL, 0, + out, &x)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + XFREE(tmpin); } /* RSA encode it */ - return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key); + return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key); } #endif /* MRSA */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_sign_hash.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/11/09 23:15:39 $ */ diff --git a/libtomcrypt/src/pk/rsa/rsa_verify_hash.c b/libtomcrypt/src/pk/rsa/rsa_verify_hash.c index 690364d..4b61029 100644 --- a/libtomcrypt/src/pk/rsa/rsa_verify_hash.c +++ b/libtomcrypt/src/pk/rsa/rsa_verify_hash.c @@ -6,75 +6,156 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" /** @file rsa_verify_hash.c - RSA PKCS v2 PSS signature verification, Tom St Denis -*/ + RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange +*/ #ifdef MRSA /** - (PKCS #1, v2.0) de-sign then PSS depad + PKCS #1 de-sign then v1.5 or PSS depad @param sig The signature data @param siglen The length of the signature data (octets) @param hash The hash of the message that was signed @param hashlen The length of the hash of the message that was signed (octets) + @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5) @param hash_idx The index of the desired hash @param saltlen The length of the salt used during signature @param stat [out] The result of the signature comparison, 1==valid, 0==invalid @param key The public RSA key corresponding to the key that performed the signature @return CRYPT_OK on success (even if the signature is invalid) */ -int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int hash_idx, unsigned long saltlen, - int *stat, rsa_key *key) +int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int padding, + int hash_idx, unsigned long saltlen, + int *stat, rsa_key *key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmpbuf; - + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmpbuf; + LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(sig != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); /* default to invalid */ *stat = 0; - - /* valid hash ? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; + + /* valid padding? */ + + if ((padding != LTC_PKCS_1_V1_5) && + (padding != LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; } - + + if (padding == LTC_PKCS_1_PSS) { + /* valid hash ? */ + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + return err; + } + } + /* get modulus len in bits */ - modulus_bitlen = mp_count_bits(&(key->N)); + modulus_bitlen = mp_count_bits( (key->N)); /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size(&(key->N)); + modulus_bytelen = mp_unsigned_bin_size( (key->N)); if (modulus_bytelen != siglen) { return CRYPT_INVALID_PACKET; } - + /* allocate temp buffer for decoded sig */ tmpbuf = XMALLOC(siglen); if (tmpbuf == NULL) { return CRYPT_MEM; } - + /* RSA decode it */ x = siglen; - if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { + if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { XFREE(tmpbuf); return err; } - - /* PSS decode it */ - err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat); + + /* make sure the output is the right size */ + if (x != siglen) { + XFREE(tmpbuf); + return CRYPT_INVALID_PACKET; + } + + if (padding == LTC_PKCS_1_PSS) { + /* PSS decode and verify it */ + err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat); + } else { + /* PKCS #1 v1.5 decode it */ + unsigned char *out; + unsigned long outlen, loid[16]; + int decoded; + ltc_asn1_list digestinfo[2], siginfo[2]; + + /* not all hashes have OIDs... so sad */ + if (hash_descriptor[hash_idx].OIDlen == 0) { + err = CRYPT_INVALID_ARG; + goto bail_2; + } + + /* allocate temp buffer for decoded hash */ + outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3; + out = XMALLOC(outlen); + if (out == NULL) { + err = CRYPT_MEM; + goto bail_2; + } + + if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0])); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); + + if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* test OID */ + if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) && + (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) && + (siginfo[1].size == hashlen) && + (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { + *stat = 1; + } + +#ifdef LTC_CLEAN_STACK + zeromem(out, outlen); +#endif + XFREE(out); + } + +bail_2: +#ifdef LTC_CLEAN_STACK + zeromem(tmpbuf, siglen); +#endif XFREE(tmpbuf); return err; } @@ -82,5 +163,5 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, #endif /* MRSA */ /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_verify_hash.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:59 $ */ +/* $Revision: 1.11 $ */ +/* $Date: 2006/12/04 03:09:28 $ */ |