search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
speed for rsa
[heimdal.git] / lib / hcrypto / rsa.c
blobb4eb58ae585cb4874cc1e9c71a566d9f10b5827c
1 /*
2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <config.h>
35
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <krb5-types.h>
39 #include <rfc2459_asn1.h>
40
41 #include <rsa.h>
42
43 #include <roken.h>
44
45 /**
46 * @page page_rsa RSA - public-key cryptography
47 *
48 * RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard
49 * Adleman) (published in 1977), patented expired in 21 September 2000.
50 *
51 *
52 * Speed for RSA in seconds
53 * no key blinding
54 * 1000 iteration,
55 * same rsa key
56 * operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern
57 *
58 * gmp: 0.733615
59 * tfm: 2.450173 (default in hcrypto)
60 * openssl: 4.046564
61 * imath: 22.975163
62 *
63 * See the library functions here: @ref hcrypto_rsa
64 */
65
66 /**
67 * Same as RSA_new_method() using NULL as engine.
68 *
69 * @return a newly allocated RSA object. Free with RSA_free().
70 *
71 * @ingroup hcrypto_rsa
72 */
73
74 RSA *
75 RSA_new(void)
76 {
77 return RSA_new_method(NULL);
78 }
79
80 /**
81 * Allocate a new RSA object using the engine, if NULL is specified as
82 * the engine, use the default RSA engine as returned by
83 * ENGINE_get_default_RSA().
84 *
85 * @param engine Specific what ENGINE RSA provider should be used.
86 *
87 * @return a newly allocated RSA object. Free with RSA_free().
88 *
89 * @ingroup hcrypto_rsa
90 */
91
92 RSA *
93 RSA_new_method(ENGINE *engine)
94 {
95 RSA *rsa;
96
97 rsa = calloc(1, sizeof(*rsa));
98 if (rsa == NULL)
99 return NULL;
100
101 rsa->references = 1;
102
103 if (engine) {
104 ENGINE_up_ref(engine);
105 rsa->engine = engine;
106 } else {
107 rsa->engine = ENGINE_get_default_RSA();
108 }
109
110 if (rsa->engine) {
111 rsa->meth = ENGINE_get_RSA(rsa->engine);
112 if (rsa->meth == NULL) {
113 ENGINE_finish(engine);
114 free(rsa);
115 return 0;
116 }
117 }
118
119 if (rsa->meth == NULL)
120 rsa->meth = rk_UNCONST(RSA_get_default_method());
121
122 (*rsa->meth->init)(rsa);
123
124 return rsa;
125 }
126
127 /**
128 * Free an allocation RSA object.
129 *
130 * @param rsa the RSA object to free.
131 * @ingroup hcrypto_rsa
132 */
133
134 void
135 RSA_free(RSA *rsa)
136 {
137 if (rsa->references <= 0)
138 abort();
139
140 if (--rsa->references > 0)
141 return;
142
143 (*rsa->meth->finish)(rsa);
144
145 if (rsa->engine)
146 ENGINE_finish(rsa->engine);
147
148 #define free_if(f) if (f) { BN_free(f); }
149 free_if(rsa->n);
150 free_if(rsa->e);
151 free_if(rsa->d);
152 free_if(rsa->p);
153 free_if(rsa->q);
154 free_if(rsa->dmp1);
155 free_if(rsa->dmq1);
156 free_if(rsa->iqmp);
157 #undef free_if
158
159 memset(rsa, 0, sizeof(*rsa));
160 free(rsa);
161 }
162
163 /**
164 * Add an extra reference to the RSA object. The object should be free
165 * with RSA_free() to drop the reference.
166 *
167 * @param rsa the object to add reference counting too.
168 *
169 * @return the current reference count, can't safely be used except
170 * for debug printing.
171 *
172 * @ingroup hcrypto_rsa
173 */
174
175 int
176 RSA_up_ref(RSA *rsa)
177 {
178 return ++rsa->references;
179 }
180
181 /**
182 * Return the RSA_METHOD used for this RSA object.
183 *
184 * @param rsa the object to get the method from.
185 *
186 * @return the method used for this RSA object.
187 *
188 * @ingroup hcrypto_rsa
189 */
190
191 const RSA_METHOD *
192 RSA_get_method(const RSA *rsa)
193 {
194 return rsa->meth;
195 }
196
197 /**
198 * Set a new method for the RSA keypair.
199 *
200 * @param rsa rsa parameter.
201 * @param method the new method for the RSA parameter.
202 *
203 * @return 1 on success.
204 *
205 * @ingroup hcrypto_rsa
206 */
207
208 int
209 RSA_set_method(RSA *rsa, const RSA_METHOD *method)
210 {
211 (*rsa->meth->finish)(rsa);
212
213 if (rsa->engine) {
214 ENGINE_finish(rsa->engine);
215 rsa->engine = NULL;
216 }
217
218 rsa->meth = method;
219 (*rsa->meth->init)(rsa);
220 return 1;
221 }
222
223 /**
224 * Set the application data for the RSA object.
225 *
226 * @param rsa the rsa object to set the parameter for
227 * @param arg the data object to store
228 *
229 * @return 1 on success.
230 *
231 * @ingroup hcrypto_rsa
232 */
233
234 int
235 RSA_set_app_data(RSA *rsa, void *arg)
236 {
237 rsa->ex_data.sk = arg;
238 return 1;
239 }
240
241 /**
242 * Get the application data for the RSA object.
243 *
244 * @param rsa the rsa object to get the parameter for
245 *
246 * @return the data object
247 *
248 * @ingroup hcrypto_rsa
249 */
250
251 void *
252 RSA_get_app_data(RSA *rsa)
253 {
254 return rsa->ex_data.sk;
255 }
256
257 int
258 RSA_check_key(const RSA *key)
259 {
260 static const unsigned char inbuf[] = "hello, world!";
261 RSA *rsa = rk_UNCONST(key);
262 void *buffer;
263 int ret;
264
265 /*
266 * XXX I have no clue how to implement this w/o a bignum library.
267 * Well, when we have a RSA key pair, we can try to encrypt/sign
268 * and then decrypt/verify.
269 */
270
271 if ((rsa->d == NULL || rsa->n == NULL) &&
272 (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL))
273 return 0;
274
275 buffer = malloc(RSA_size(rsa));
276 if (buffer == NULL)
277 return 0;
278
279 ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer,
280 rsa, RSA_PKCS1_PADDING);
281 if (ret == -1) {
282 free(buffer);
283 return 0;
284 }
285
286 ret = RSA_public_decrypt(ret, buffer, buffer,
287 rsa, RSA_PKCS1_PADDING);
288 if (ret == -1) {
289 free(buffer);
290 return 0;
291 }
292
293 if (ret == sizeof(inbuf) && ct_memcmp(buffer, inbuf, sizeof(inbuf)) == 0) {
294 free(buffer);
295 return 1;
296 }
297 free(buffer);
298 return 0;
299 }
300
301 int
302 RSA_size(const RSA *rsa)
303 {
304 return BN_num_bytes(rsa->n);
305 }
306
307 #define RSAFUNC(name, body) \
308 int \
309 name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\
310 return body; \
311 }
312
313 RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p))
314 RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p))
315 RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p))
316 RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p))
317
318 /* XXX */
319 int
320 RSA_sign(int type, const unsigned char *from, unsigned int flen,
321 unsigned char *to, unsigned int *tlen, RSA *rsa)
322 {
323 return -1;
324 }
325
326 int
327 RSA_verify(int type, const unsigned char *from, unsigned int flen,
328 unsigned char *to, unsigned int tlen, RSA *rsa)
329 {
330 return -1;
331 }
332
333 /*
334 * A NULL RSA_METHOD that returns failure for all operations. This is
335 * used as the default RSA method if we don't have any native
336 * support.
337 */
338
339 static RSAFUNC(null_rsa_public_encrypt, -1)
340 static RSAFUNC(null_rsa_public_decrypt, -1)
341 static RSAFUNC(null_rsa_private_encrypt, -1)
342 static RSAFUNC(null_rsa_private_decrypt, -1)
343
344 /*
345 *
346 */
347
348 int
349 RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb)
350 {
351 if (r->meth->rsa_keygen)
352 return (*r->meth->rsa_keygen)(r, bits, e, cb);
353 return 0;
354 }
355
356
357 /*
358 *
359 */
360
361 static int
362 null_rsa_init(RSA *rsa)
363 {
364 return 1;
365 }
366
367 static int
368 null_rsa_finish(RSA *rsa)
369 {
370 return 1;
371 }
372
373 static const RSA_METHOD rsa_null_method = {
374 "hcrypto null RSA",
375 null_rsa_public_encrypt,
376 null_rsa_public_decrypt,
377 null_rsa_private_encrypt,
378 null_rsa_private_decrypt,
379 NULL,
380 NULL,
381 null_rsa_init,
382 null_rsa_finish,
383 0,
384 NULL,
385 NULL,
386 NULL
387 };
388
389 const RSA_METHOD *
390 RSA_null_method(void)
391 {
392 return &rsa_null_method;
393 }
394
395 extern const RSA_METHOD hc_rsa_imath_method;
396 #ifdef HAVE_GMP
397 static const RSA_METHOD *default_rsa_method = &hc_rsa_gmp_method;
398 #else
399 static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method;
400 #endif
401
402 const RSA_METHOD *
403 RSA_get_default_method(void)
404 {
405 return default_rsa_method;
406 }
407
408 void
409 RSA_set_default_method(const RSA_METHOD *meth)
410 {
411 default_rsa_method = meth;
412 }
413
414 /*
415 *
416 */
417
418 static BIGNUM *
419 heim_int2BN(const heim_integer *i)
420 {
421 BIGNUM *bn;
422
423 bn = BN_bin2bn(i->data, i->length, NULL);
424 if (bn)
425 BN_set_negative(bn, i->negative);
426 return bn;
427 }
428
429 static int
430 bn2heim_int(BIGNUM *bn, heim_integer *integer)
431 {
432 integer->length = BN_num_bytes(bn);
433 integer->data = malloc(integer->length);
434 if (integer->data == NULL) {
435 integer->length = 0;
436 return ENOMEM;
437 }
438 BN_bn2bin(bn, integer->data);
439 integer->negative = BN_is_negative(bn);
440 return 0;
441 }
442
443
444 RSA *
445 d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len)
446 {
447 RSAPrivateKey data;
448 RSA *k = rsa;
449 size_t size;
450 int ret;
451
452 ret = decode_RSAPrivateKey(*pp, len, &data, &size);
453 if (ret)
454 return NULL;
455
456 *pp += size;
457
458 if (k == NULL) {
459 k = RSA_new();
460 if (k == NULL) {
461 free_RSAPrivateKey(&data);
462 return NULL;
463 }
464 }
465
466 k->n = heim_int2BN(&data.modulus);
467 k->e = heim_int2BN(&data.publicExponent);
468 k->d = heim_int2BN(&data.privateExponent);
469 k->p = heim_int2BN(&data.prime1);
470 k->q = heim_int2BN(&data.prime2);
471 k->dmp1 = heim_int2BN(&data.exponent1);
472 k->dmq1 = heim_int2BN(&data.exponent2);
473 k->iqmp = heim_int2BN(&data.coefficient);
474 free_RSAPrivateKey(&data);
475
476 if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL ||
477 k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL)
478 {
479 RSA_free(k);
480 return NULL;
481 }
482
483 return k;
484 }
485
486 int
487 i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp)
488 {
489 RSAPrivateKey data;
490 size_t size;
491 int ret;
492
493 if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL ||
494 rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL ||
495 rsa->iqmp == NULL)
496 return -1;
497
498 memset(&data, 0, sizeof(data));
499
500 ret = bn2heim_int(rsa->n, &data.modulus);
501 ret |= bn2heim_int(rsa->e, &data.publicExponent);
502 ret |= bn2heim_int(rsa->d, &data.privateExponent);
503 ret |= bn2heim_int(rsa->p, &data.prime1);
504 ret |= bn2heim_int(rsa->q, &data.prime2);
505 ret |= bn2heim_int(rsa->dmp1, &data.exponent1);
506 ret |= bn2heim_int(rsa->dmq1, &data.exponent2);
507 ret |= bn2heim_int(rsa->iqmp, &data.coefficient);
508 if (ret) {
509 free_RSAPrivateKey(&data);
510 return -1;
511 }
512
513 if (pp == NULL) {
514 size = length_RSAPrivateKey(&data);
515 free_RSAPrivateKey(&data);
516 } else {
517 void *p;
518 size_t len;
519
520 ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret);
521 free_RSAPrivateKey(&data);
522 if (ret)
523 return -1;
524 if (len != size)
525 abort();
526
527 memcpy(*pp, p, size);
528 free(p);
529
530 *pp += size;
531
532 }
533 return size;
534 }
535
536 int
537 i2d_RSAPublicKey(RSA *rsa, unsigned char **pp)
538 {
539 RSAPublicKey data;
540 size_t size;
541 int ret;
542
543 memset(&data, 0, sizeof(data));
544
545 if (bn2heim_int(rsa->n, &data.modulus) ||
546 bn2heim_int(rsa->e, &data.publicExponent))
547 {
548 free_RSAPublicKey(&data);
549 return -1;
550 }
551
552 if (pp == NULL) {
553 size = length_RSAPublicKey(&data);
554 free_RSAPublicKey(&data);
555 } else {
556 void *p;
557 size_t len;
558
559 ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret);
560 free_RSAPublicKey(&data);
561 if (ret)
562 return -1;
563 if (len != size)
564 abort();
565
566 memcpy(*pp, p, size);
567 free(p);
568
569 *pp += size;
570 }
571
572 return size;
573 }
574
575 RSA *
576 d2i_RSAPublicKey(RSA *rsa, const unsigned char **pp, size_t len)
577 {
578 RSAPublicKey data;
579 RSA *k = rsa;
580 size_t size;
581 int ret;
582
583 ret = decode_RSAPublicKey(*pp, len, &data, &size);
584 if (ret)
585 return NULL;
586
587 *pp += size;
588
589 if (k == NULL) {
590 k = RSA_new();
591 if (k == NULL) {
592 free_RSAPublicKey(&data);
593 return NULL;
594 }
595 }
596
597 k->n = heim_int2BN(&data.modulus);
598 k->e = heim_int2BN(&data.publicExponent);
599
600 free_RSAPublicKey(&data);
601
602 if (k->n == NULL || k->e == NULL) {
603 RSA_free(k);
604 return NULL;
605 }
606
607 return k;
608 }
Heimdal