search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add some doxygen.
[heimdal.git] / lib / hcrypto / rsa.c
blob935e7a72adcefe2863932311acc232fb095c76b1
1 /*
2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 RCSID("$Id$");
39
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <krb5-types.h>
43 #include <rfc2459_asn1.h>
44
45 #include <rsa.h>
46
47 #include <roken.h>
48
49 /**
50 * @page page_rsa RSA - public-key cryptography
51 *
52 * RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard
53 * Adleman) (published in 1977), patented expired in 21 September 2000.
54 *
55 * See the library functions here: @ref hcrypto_rsa
56 */
57
58 /**
59 * Same as RSA_new_method() using NULL as engine.
60 *
61 * @return a newly allocated RSA object. Free with RSA_free().
62 *
63 * @ingroup hcrypto_rsa
64 */
65
66 RSA *
67 RSA_new(void)
68 {
69 return RSA_new_method(NULL);
70 }
71
72 /**
73 * Allocate a new RSA object using the engine, if NULL is specified as
74 * the engine, use the default RSA engine as returned by
75 * ENGINE_get_default_RSA().
76 *
77 * @return a newly allocated RSA object. Free with RSA_free().
78 *
79 * @ingroup hcrypto_rsa
80 */
81
82 RSA *
83 RSA_new_method(ENGINE *engine)
84 {
85 RSA *rsa;
86
87 rsa = calloc(1, sizeof(*rsa));
88 if (rsa == NULL)
89 return NULL;
90
91 rsa->references = 1;
92
93 if (engine) {
94 ENGINE_up_ref(engine);
95 rsa->engine = engine;
96 } else {
97 rsa->engine = ENGINE_get_default_RSA();
98 }
99
100 if (rsa->engine) {
101 rsa->meth = ENGINE_get_RSA(rsa->engine);
102 if (rsa->meth == NULL) {
103 ENGINE_finish(engine);
104 free(rsa);
105 return 0;
106 }
107 }
108
109 if (rsa->meth == NULL)
110 rsa->meth = rk_UNCONST(RSA_get_default_method());
111
112 (*rsa->meth->init)(rsa);
113
114 return rsa;
115 }
116
117 /**
118 * Free an allocation RSA object.
119 *
120 * @param rsa the RSA object to free.
121 * @ingroup hcrypto_rsa
122 */
123
124 void
125 RSA_free(RSA *rsa)
126 {
127 if (rsa->references <= 0)
128 abort();
129
130 if (--rsa->references > 0)
131 return;
132
133 (*rsa->meth->finish)(rsa);
134
135 if (rsa->engine)
136 ENGINE_finish(rsa->engine);
137
138 #define free_if(f) if (f) { BN_free(f); }
139 free_if(rsa->n);
140 free_if(rsa->e);
141 free_if(rsa->d);
142 free_if(rsa->p);
143 free_if(rsa->q);
144 free_if(rsa->dmp1);
145 free_if(rsa->dmq1);
146 free_if(rsa->iqmp);
147 #undef free_if
148
149 memset(rsa, 0, sizeof(*rsa));
150 free(rsa);
151 }
152
153 /**
154 * Add an extra reference to the RSA object. The object should be free
155 * with RSA_free() to drop the reference.
156 *
157 * @param rsa the object to add reference counting too.
158 *
159 * @return the current reference count, can't safely be used except
160 * for debug printing.
161 *
162 * @ingroup hcrypto_rsa
163 */
164
165 int
166 RSA_up_ref(RSA *rsa)
167 {
168 return ++rsa->references;
169 }
170
171 const RSA_METHOD *
172 RSA_get_method(const RSA *rsa)
173 {
174 return rsa->meth;
175 }
176
177 int
178 RSA_set_method(RSA *rsa, const RSA_METHOD *method)
179 {
180 (*rsa->meth->finish)(rsa);
181
182 if (rsa->engine) {
183 ENGINE_finish(rsa->engine);
184 rsa->engine = NULL;
185 }
186
187 rsa->meth = method;
188 (*rsa->meth->init)(rsa);
189 return 1;
190 }
191
192 int
193 RSA_set_app_data(RSA *rsa, void *arg)
194 {
195 rsa->ex_data.sk = arg;
196 return 1;
197 }
198
199 void *
200 RSA_get_app_data(RSA *rsa)
201 {
202 return rsa->ex_data.sk;
203 }
204
205 int
206 RSA_check_key(const RSA *key)
207 {
208 static const unsigned char inbuf[] = "hello, world!";
209 RSA *rsa = rk_UNCONST(key);
210 void *buffer;
211 int ret;
212
213 /*
214 * XXX I have no clue how to implement this w/o a bignum library.
215 * Well, when we have a RSA key pair, we can try to encrypt/sign
216 * and then decrypt/verify.
217 */
218
219 if ((rsa->d == NULL || rsa->n == NULL) &&
220 (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL))
221 return 0;
222
223 buffer = malloc(RSA_size(rsa));
224 if (buffer == NULL)
225 return 0;
226
227 ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer,
228 rsa, RSA_PKCS1_PADDING);
229 if (ret == -1) {
230 free(buffer);
231 return 0;
232 }
233
234 ret = RSA_public_decrypt(ret, buffer, buffer,
235 rsa, RSA_PKCS1_PADDING);
236 if (ret == -1) {
237 free(buffer);
238 return 0;
239 }
240
241 if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) {
242 free(buffer);
243 return 1;
244 }
245 free(buffer);
246 return 0;
247 }
248
249 int
250 RSA_size(const RSA *rsa)
251 {
252 return BN_num_bytes(rsa->n);
253 }
254
255 #define RSAFUNC(name, body) \
256 int \
257 name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\
258 return body; \
259 }
260
261 RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p))
262 RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p))
263 RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p))
264 RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p))
265
266 /* XXX */
267 int
268 RSA_sign(int type, const unsigned char *from, unsigned int flen,
269 unsigned char *to, unsigned int *tlen, RSA *rsa)
270 {
271 return -1;
272 }
273
274 int
275 RSA_verify(int type, const unsigned char *from, unsigned int flen,
276 unsigned char *to, unsigned int tlen, RSA *rsa)
277 {
278 return -1;
279 }
280
281 /*
282 * A NULL RSA_METHOD that returns failure for all operations. This is
283 * used as the default RSA method if we don't have any native
284 * support.
285 */
286
287 static RSAFUNC(null_rsa_public_encrypt, -1)
288 static RSAFUNC(null_rsa_public_decrypt, -1)
289 static RSAFUNC(null_rsa_private_encrypt, -1)
290 static RSAFUNC(null_rsa_private_decrypt, -1)
291
292 /*
293 *
294 */
295
296 int
297 RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb)
298 {
299 if (r->meth->rsa_keygen)
300 return (*r->meth->rsa_keygen)(r, bits, e, cb);
301 return 0;
302 }
303
304
305 /*
306 *
307 */
308
309 static int
310 null_rsa_init(RSA *rsa)
311 {
312 return 1;
313 }
314
315 static int
316 null_rsa_finish(RSA *rsa)
317 {
318 return 1;
319 }
320
321 static const RSA_METHOD rsa_null_method = {
322 "hcrypto null RSA",
323 null_rsa_public_encrypt,
324 null_rsa_public_decrypt,
325 null_rsa_private_encrypt,
326 null_rsa_private_decrypt,
327 NULL,
328 NULL,
329 null_rsa_init,
330 null_rsa_finish,
331 0,
332 NULL,
333 NULL,
334 NULL
335 };
336
337 const RSA_METHOD *
338 RSA_null_method(void)
339 {
340 return &rsa_null_method;
341 }
342
343 extern const RSA_METHOD hc_rsa_imath_method;
344 #ifdef HAVE_GMP
345 static const RSA_METHOD *default_rsa_method = &hc_rsa_gmp_method;
346 #else
347 static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method;
348 #endif
349
350 const RSA_METHOD *
351 RSA_get_default_method(void)
352 {
353 return default_rsa_method;
354 }
355
356 void
357 RSA_set_default_method(const RSA_METHOD *meth)
358 {
359 default_rsa_method = meth;
360 }
361
362 /*
363 *
364 */
365
366 static BIGNUM *
367 heim_int2BN(const heim_integer *i)
368 {
369 BIGNUM *bn;
370
371 bn = BN_bin2bn(i->data, i->length, NULL);
372 if (bn)
373 BN_set_negative(bn, i->negative);
374 return bn;
375 }
376
377 static int
378 bn2heim_int(BIGNUM *bn, heim_integer *integer)
379 {
380 integer->length = BN_num_bytes(bn);
381 integer->data = malloc(integer->length);
382 if (integer->data == NULL) {
383 integer->length = 0;
384 return ENOMEM;
385 }
386 BN_bn2bin(bn, integer->data);
387 integer->negative = BN_is_negative(bn);
388 return 0;
389 }
390
391
392 RSA *
393 d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len)
394 {
395 RSAPrivateKey data;
396 RSA *k = rsa;
397 size_t size;
398 int ret;
399
400 ret = decode_RSAPrivateKey(*pp, len, &data, &size);
401 if (ret)
402 return NULL;
403
404 *pp += size;
405
406 if (k == NULL) {
407 k = RSA_new();
408 if (k == NULL) {
409 free_RSAPrivateKey(&data);
410 return NULL;
411 }
412 }
413
414 k->n = heim_int2BN(&data.modulus);
415 k->e = heim_int2BN(&data.publicExponent);
416 k->d = heim_int2BN(&data.privateExponent);
417 k->p = heim_int2BN(&data.prime1);
418 k->q = heim_int2BN(&data.prime2);
419 k->dmp1 = heim_int2BN(&data.exponent1);
420 k->dmq1 = heim_int2BN(&data.exponent2);
421 k->iqmp = heim_int2BN(&data.coefficient);
422 free_RSAPrivateKey(&data);
423
424 if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL ||
425 k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL)
426 {
427 RSA_free(k);
428 return NULL;
429 }
430
431 return k;
432 }
433
434 int
435 i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp)
436 {
437 RSAPrivateKey data;
438 size_t size;
439 int ret;
440
441 if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL ||
442 rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL ||
443 rsa->iqmp == NULL)
444 return -1;
445
446 memset(&data, 0, sizeof(data));
447
448 ret = bn2heim_int(rsa->n, &data.modulus);
449 ret |= bn2heim_int(rsa->e, &data.publicExponent);
450 ret |= bn2heim_int(rsa->d, &data.privateExponent);
451 ret |= bn2heim_int(rsa->p, &data.prime1);
452 ret |= bn2heim_int(rsa->q, &data.prime2);
453 ret |= bn2heim_int(rsa->dmp1, &data.exponent1);
454 ret |= bn2heim_int(rsa->dmq1, &data.exponent2);
455 ret |= bn2heim_int(rsa->iqmp, &data.coefficient);
456 if (ret) {
457 free_RSAPrivateKey(&data);
458 return -1;
459 }
460
461 if (pp == NULL) {
462 size = length_RSAPrivateKey(&data);
463 free_RSAPrivateKey(&data);
464 } else {
465 void *p;
466 size_t len;
467
468 ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret);
469 free_RSAPrivateKey(&data);
470 if (ret)
471 return -1;
472 if (len != size)
473 abort();
474
475 memcpy(*pp, p, size);
476 free(p);
477
478 *pp += size;
479
480 }
481 return size;
482 }
483
484 int
485 i2d_RSAPublicKey(RSA *rsa, unsigned char **pp)
486 {
487 RSAPublicKey data;
488 size_t size;
489 int ret;
490
491 memset(&data, 0, sizeof(data));
492
493 if (bn2heim_int(rsa->n, &data.modulus) ||
494 bn2heim_int(rsa->e, &data.publicExponent))
495 {
496 free_RSAPublicKey(&data);
497 return -1;
498 }
499
500 if (pp == NULL) {
501 size = length_RSAPublicKey(&data);
502 free_RSAPublicKey(&data);
503 } else {
504 void *p;
505 size_t len;
506
507 ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret);
508 free_RSAPublicKey(&data);
509 if (ret)
510 return -1;
511 if (len != size)
512 abort();
513
514 memcpy(*pp, p, size);
515 free(p);
516
517 *pp += size;
518 }
519
520 return size;
521 }
Heimdal