release/src/router/dropbear/genrsa.c

   1 /*
   2  * Dropbear - a SSH2 server
   3  *
   4  * Copyright (c) 2002,2003 Matt Johnston
   5  * All rights reserved.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  23  * SOFTWARE. */
  24
  25 #include "includes.h"
  26 #include "dbutil.h"
  27 #include "bignum.h"
  28 #include "dbrandom.h"
  29 #include "rsa.h"
  30 #include "genrsa.h"
  31
  32 #define RSA_E 65537
  33
  34 #ifdef DROPBEAR_RSA
  35
  36 static void getrsaprime(mp_int* prime, mp_int *primeminus,
  37                 mp_int* rsa_e, unsigned int size_bytes);
  38
  39 /* mostly taken from libtomcrypt's rsa key generation routine */
  40 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
  41
  42         dropbear_rsa_key * key;
  43         DEF_MP_INT(pminus);
  44         DEF_MP_INT(qminus);
  45         DEF_MP_INT(lcm);
  46
  47         if (size < 512 || size > 4096 || (size % 8 != 0)) {
  48                 dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
  49                         " multiple of 8");
  50         }
  51
  52         key = m_malloc(sizeof(*key));
  53         m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL);
  54         m_mp_init_multi(&pminus, &lcm, &qminus, NULL);
  55
  56         if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
  57                 fprintf(stderr, "RSA generation failed\n");
  58                 exit(1);
  59         }
  60
  61         while (1) {
  62                 getrsaprime(key->p, &pminus, key->e, size/16);
  63                 getrsaprime(key->q, &qminus, key->e, size/16);
  64
  65                 if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
  66                         fprintf(stderr, "RSA generation failed\n");
  67                         exit(1);
  68                 }
  69
  70                 if ((unsigned int)mp_count_bits(key->n) == size) {
  71                         break;
  72                 }
  73         }
  74
  75         /* lcm(p-1, q-1) */
  76         if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) {
  77                 fprintf(stderr, "RSA generation failed\n");
  78                 exit(1);
  79         }
  80
  81         /* de = 1 mod lcm(p-1,q-1) */
  82         /* therefore d = (e^-1) mod lcm(p-1,q-1) */
  83         if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) {
  84                 fprintf(stderr, "RSA generation failed\n");
  85                 exit(1);
  86         }
  87
  88         mp_clear_multi(&pminus, &qminus, &lcm, NULL);
  89
  90         return key;
  91 }
  92
  93 /* return a prime suitable for p or q */
  94 static void getrsaprime(mp_int* prime, mp_int *primeminus,
  95                 mp_int* rsa_e, unsigned int size_bytes) {
  96
  97         unsigned char *buf;
  98         DEF_MP_INT(temp_gcd);
  99
 100         buf = (unsigned char*)m_malloc(size_bytes);
 101
 102         m_mp_init(&temp_gcd);
 103         do {
 104                 /* generate a random odd number with MSB set, then find the
 105                    the next prime above it */
 106                 genrandom(buf, size_bytes);
 107                 buf[0] |= 0x80;
 108
 109                 bytes_to_mp(prime, buf, size_bytes);
 110
 111                 /* find the next integer which is prime, 8 round of miller-rabin */
 112                 if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) {
 113                         fprintf(stderr, "RSA generation failed\n");
 114                         exit(1);
 115                 }
 116
 117                 /* subtract one to get p-1 */
 118                 if (mp_sub_d(prime, 1, primeminus) != MP_OKAY) {
 119                         fprintf(stderr, "RSA generation failed\n");
 120                         exit(1);
 121                 }
 122                 /* check relative primality to e */
 123                 if (mp_gcd(primeminus, rsa_e, &temp_gcd) != MP_OKAY) {
 124                         fprintf(stderr, "RSA generation failed\n");
 125                         exit(1);
 126                 }
 127         } while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */
 128
 129         /* now we have a good value for result */
 130         mp_clear(&temp_gcd);
 131         m_burn(buf, size_bytes);
 132         m_free(buf);
 133 }
 134
 135 #endif /* DROPBEAR_RSA */