2 * Copyright (c) 1991, 1993
3 * Dave Safford. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * $FreeBSD: src/crypto/telnet/libtelnet/pk.c,v 1.2.2.4 2002/08/24 07:28:35 nsayer Exp $
33 /* public key routines */
35 genkeys(char *public, char *secret)
36 common_key(char *secret, char *public, desData *deskey)
37 pk_encode(char *in, *out, DesData *deskey);
38 pk_decode(char *in, *out, DesData *deskey);
40 char public[HEXKEYBYTES + 1];
41 char secret[HEXKEYBYTES + 1];
51 #include <openssl/bn.h>
52 #include <openssl/crypto.h>
53 #include <openssl/des.h>
54 #include <openssl/err.h>
58 static void adjust(char keyout
[HEXKEYBYTES
+1], char *keyin
);
61 * Choose top 128 bits of the common key to use as our idea key.
64 extractideakey(BIGNUM
*ck
, IdeaData
*ideakey
)
68 BN_ULONG r
, base
= (1 << 8);
71 if ((z
= BN_new()) == NULL
)
72 errx(1, "could not create BIGNUM");
74 if ((a
= BN_new()) == NULL
)
75 errx(1, "could not create BIGNUM");
78 for (i
= 0; i
< ((KEYSIZE
- 128) / 8); i
++) {
79 r
= BN_div_word(a
, base
);
82 for (i
= 0; i
< 16; i
++) {
83 r
= BN_div_word(a
, base
);
91 * Choose middle 64 bits of the common key to use as our des key, possibly
92 * overwriting the lower order bits by setting parity.
95 extractdeskey(BIGNUM
*ck
, DesData
*deskey
)
99 BN_ULONG r
, base
= (1 << 8);
102 if ((z
= BN_new()) == NULL
)
103 errx(1, "could not create BIGNUM");
105 if ((a
= BN_new()) == NULL
)
106 errx(1, "could not create BIGNUM");
109 for (i
= 0; i
< ((KEYSIZE
- 64) / 2) / 8; i
++) {
110 r
= BN_div_word(a
, base
);
113 for (i
= 0; i
< 8; i
++) {
114 r
= BN_div_word(a
, base
);
122 * get common key from my secret key and his public key
125 common_key(char *xsecret
, char *xpublic
, IdeaData
*ideakey
, DesData
*deskey
)
127 BIGNUM
*public, *secret
, *common
, *modulus
;
130 if ((ctx
= BN_CTX_new()) == NULL
)
131 errx(1, "could not create BN_CTX");
133 if (BN_hex2bn(&modulus
, HEXMODULUS
) == 0)
134 errx(1, "could not convert modulus");
136 if (BN_hex2bn(&public, xpublic
) == 0)
137 errx(1, "could not convert public");
139 if (BN_hex2bn(&secret
, xsecret
) == 0)
140 errx(1, "could not convert secret");
142 if ((common
= BN_new()) == NULL
)
143 errx(1, "could not create BIGNUM");
145 BN_mod_exp(common
, public, secret
, modulus
, ctx
);
146 extractdeskey(common
, deskey
);
147 extractideakey(common
, ideakey
);
148 DES_set_odd_parity(deskey
);
160 getseed(char *seed
, int seedsize
)
164 for (i
= 0; i
< seedsize
; i
++) {
165 seed
[i
] = arc4random() & 0xff;
174 if ((n
= BN_new()) == NULL
)
175 errx(1, "could not create BIGNUM: %s",
176 ERR_error_string(ERR_get_error(), 0));
179 BN_add_word(n
, (u_long
)i
);
181 BN_sub_word(n
, (u_long
)(-i
));
186 * Generate a random public/secret key pair
189 genkeys(char *public, char *secret
)
191 #define BASEBITS (8*sizeof (short) - 1)
192 #define BASE (short)(1 << BASEBITS)
196 unsigned short seed
[KEYSIZE
/BASEBITS
+ 1];
200 BIGNUM
*pk
, *sk
, *tmp
, *base
, *root
, *modulus
;
208 if (BN_hex2bn(&modulus
, HEXMODULUS
) == 0)
209 errx(1, "could not convert modulus to BIGNUM: %s",
210 ERR_error_string(ERR_get_error(), 0));
212 if ((ctx
= BN_CTX_new()) == NULL
)
213 errx(1, "could not create BN_CTX: %s",
214 ERR_error_string(ERR_get_error(), 0));
216 getseed((char *)seed
, sizeof (seed
));
217 for (i
= 0; i
< KEYSIZE
/BASEBITS
+ 1; i
++) {
221 BN_mul(sk
, base
, sk
, ctx
);
225 BN_div(tmp
, sk
, sk
, modulus
, ctx
);
226 BN_mod_exp(pk
, root
, sk
, modulus
, ctx
);
228 if ((xkey
= BN_bn2hex(sk
)) == NULL
)
229 errx(1, "could convert sk to hex: %s",
230 ERR_error_string(ERR_get_error(), 0));
231 adjust(secret
, xkey
);
234 if ((xkey
= BN_bn2hex(pk
)) == NULL
)
235 errx(1, "could convert pk to hex: %s",
236 ERR_error_string(ERR_get_error(), 0));
237 adjust(public, xkey
);
249 * Adjust the input key so that it is 0-filled on the left
252 adjust(char keyout
[HEXKEYBYTES
+1], char *keyin
)
257 for (p
= keyin
; *p
; p
++)
259 for (s
= keyout
+ HEXKEYBYTES
; p
>= keyin
; p
--, s
--) {
262 while (s
>= keyout
) {
267 static char hextab
[17] = "0123456789ABCDEF";
269 /* given a DES key, cbc encrypt and translate input to terminated hex */
271 pk_encode(char *in
, char *out
, DesData
*key
)
278 memset(&i
,0,sizeof(i
));
279 memset(buf
,0,sizeof(buf
));
280 deslen
= ((strlen(in
) + 7)/8)*8;
281 DES_key_sched(key
, &k
);
282 DES_cbc_encrypt(in
,buf
,deslen
, &k
,&i
,DES_ENCRYPT
);
283 for (l
=0,op
=0;l
<deslen
;l
++) {
284 out
[op
++] = hextab
[(buf
[l
] & 0xf0) >> 4];
285 out
[op
++] = hextab
[(buf
[l
] & 0x0f)];
290 /* given a DES key, translate input from hex and decrypt */
292 pk_decode(char *in
, char *out
, DesData
*key
)
300 memset(&i
,0,sizeof(i
));
301 memset(buf
,0,sizeof(buf
));
302 for (l
=0,op
=0;l
<strlen(in
)/2;l
++,op
+=2) {
304 n1
= in
[op
] - 'A' + 10;
308 n2
= in
[op
+1] - 'A' + 10;
313 DES_key_sched(key
, &k
);
314 DES_cbc_encrypt(buf
,out
,strlen(in
)/2, &k
,&i
,DES_DECRYPT
);
315 out
[strlen(in
)/2] = '\0';