Drop imath for ltm for speed reasons

This commit is contained in:
Love Hornquist Astrand
2010-10-02 12:28:27 -07:00
parent 0a608964a4
commit c6fb9428dd
20 changed files with 8 additions and 5009 deletions


@@ -164,47 +164,10 @@ Tom's fast math (bignum support) and LibTomMath
LibTomMath is hereby released into the Public Domain.
TomsFastMath is public domain.
Note some ideas were borrowed from LibTomMath and OpenSSL. All of the code is original or ported
from LibTomMath [no code was ported from OpenSSL]. As such the origins and status of this code
are both public domain.
@end verbatim
@copynext
@heading Michael J. Fromberger
The RSA/DH support for libhcrypto.
@verbatim
IMath is Copyright 2002-2005 Michael J. Fromberger
You may use it subject to the following Licensing Terms:
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@end verbatim
@copynext
@heading Doug Rabson
GSS-API mechglue layer.


@@ -2,7 +2,7 @@
include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(srcdir)/libtommath -DUSE_HCRYPTO_IMATH=1 -DUSE_HCRYPTO_LTM=1
AM_CPPFLAGS += -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1
lib_LTLIBRARIES = libhcrypto.la
check_LTLIBRARIES = libhctest.la
@@ -63,19 +63,16 @@ PROGRAM_TESTS = \
test_cipher \
test_engine_dso \
test_hmac \
test_imath \
test_pkcs12 \
test_pkcs5
libhctest_la_SOURCES = \
imath/imath.c \
des-tables.h \
des.c \
des.h \
ui.c \
ui.h
test_imath_LDADD = libhctest.la $(LIB_roken)
destest_LDADD = libhctest.la $(LIB_roken)
SCRIPT_TESTS = \
@@ -91,7 +88,6 @@ TESTS = $(PROGRAM_TESTS) $(SCRIPT_TESTS)
LDADD = $(lib_LTLIBRARIES) $(LIB_roken)
libhcrypto_la_SOURCES = \
$(imathsource) \
$(ltmsources) \
aes.c \
aes.h \
@@ -108,7 +104,6 @@ libhcrypto_la_SOURCES = \
des.h \
dh.c \
dh.h \
dh-imath.c \
dh-tfm.c \
dh-ltm.c \
dsa.c \
@@ -147,7 +142,6 @@ libhcrypto_la_SOURCES = \
rnd_keys.c \
rsa.c \
rsa-gmp.c \
rsa-imath.c \
rsa-tfm.c \
rsa-ltm.c \
rsa.h \
@@ -159,12 +153,6 @@ libhcrypto_la_SOURCES = \
ui.c \
ui.h
imathsource = \
imath/imath.c \
imath/imath.h \
imath/iprime.c \
imath/iprime.h
ltmsources = \
libtommath/tommath.h \
libtommath/tommath_class.h \
@@ -295,7 +283,7 @@ ltmsources = \
$(libhcrypto_la_OBJECTS): hcrypto-link
libhcrypto_la_CPPFLAGS = -DIMATH_LARGE_PRIME_TABLE -DTFM_CHECK -DTFM_TIMING_RESISTANT -DBUILD_HCRYPTO_LIB $(AM_CPPFLAGS)
libhcrypto_la_CPPFLAGS = -DBUILD_HCRYPTO_LIB $(AM_CPPFLAGS)
if versionscript
libhcrypto_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
@@ -333,8 +321,6 @@ EXTRA_DIST = \
ecdh.h \
ecdsa.h \
gen-des.pl \
imath/LICENSE \
imath/import.sh \
md5crypt_test.c \
passwd_dialog.aps \
passwd_dialog.clw \
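Review bot: The new `libhcrypto_la_CPPFLAGS = -DBUILD_HCRYPTO_LIB $(AM_CPPFLAGS)` drops `-DTFM_CHECK -DTFM_TIMING_RESISTANT` together with the imath-only `-DIMATH_LARGE_PRIME_TABLE`, even though `dh-tfm.c` and `rsa-tfm.c` remain in `libhcrypto_la_SOURCES`. If the TomsFastMath backend is still compiled in (whether `USE_HCRYPTO_TFM` is defined is not visible in this diff), removing `TFM_TIMING_RESISTANT` presumably disables that library's timing-resistant exponentiation for RSA private-key and DH operations, and removing `TFM_CHECK` drops its argument checking, neither of which is related to dropping imath. If the intent is only to remove imath, keep the tfm defines: `libhcrypto_la_CPPFLAGS = -DTFM_CHECK -DTFM_TIMING_RESISTANT -DBUILD_HCRYPTO_LIB $(AM_CPPFLAGS)`. It is also worth confirming that the ltm backend, now the default, is built with whatever equivalent side-channel hardening libtommath offers, since `AM_CPPFLAGS` only adds `-DUSE_HCRYPTO_LTM=1`.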


@@ -1,254 +0,0 @@
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <dh.h>
#ifdef USE_HCRYPTO_IMATH
#include <roken.h>
#include "imath/imath.h"
static void
BN2mpz(mpz_t *s, const BIGNUM *bn)
{
size_t len;
void *p;
len = BN_num_bytes(bn);
p = malloc(len);
BN_bn2bin(bn, p);
mp_int_read_unsigned(s, p, len);
free(p);
}
static BIGNUM *
mpz2BN(mpz_t *s)
{
size_t size;
BIGNUM *bn;
void *p;
size = mp_int_unsigned_len(s);
p = malloc(size);
if (p == NULL && size != 0)
return NULL;
mp_int_to_unsigned(s, p, size);
bn = BN_bin2bn(p, size, NULL);
free(p);
return bn;
}
/*
*
*/
#define DH_NUM_TRIES 10
static int
dh_generate_key(DH *dh)
{
mpz_t pub, priv_key, g, p;
int have_private_key = (dh->priv_key != NULL);
int codes, times = 0;
mp_result res;
if (dh->p == NULL || dh->g == NULL)
return 0;
while (times++ < DH_NUM_TRIES) {
if (!have_private_key) {
size_t bits = BN_num_bits(dh->p);
if (dh->priv_key)
BN_free(dh->priv_key);
dh->priv_key = BN_new();
if (dh->priv_key == NULL)
return 0;
if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) {
BN_clear_free(dh->priv_key);
dh->priv_key = NULL;
return 0;
}
}
if (dh->pub_key)
BN_free(dh->pub_key);
mp_int_init(&pub);
mp_int_init(&priv_key);
mp_int_init(&g);
mp_int_init(&p);
BN2mpz(&priv_key, dh->priv_key);
BN2mpz(&g, dh->g);
BN2mpz(&p, dh->p);
res = mp_int_exptmod(&g, &priv_key, &p, &pub);
mp_int_clear(&priv_key);
mp_int_clear(&g);
mp_int_clear(&p);
if (res != MP_OK)
continue;
dh->pub_key = mpz2BN(&pub);
mp_int_clear(&pub);
if (dh->pub_key == NULL)
return 0;
if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
break;
if (have_private_key)
return 0;
}
if (times >= DH_NUM_TRIES) {
if (!have_private_key && dh->priv_key) {
BN_free(dh->priv_key);
dh->priv_key = NULL;
}
if (dh->pub_key) {
BN_free(dh->pub_key);
dh->pub_key = NULL;
}
return 0;
}
return 1;
}
static int
dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh)
{
mpz_t s, priv_key, p, peer_pub;
size_t size = 0;
mp_result res;
if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL)
return -1;
mp_int_init(&p);
BN2mpz(&p, dh->p);
mp_int_init(&peer_pub);
BN2mpz(&peer_pub, pub);
/* check if peers pubkey is reasonable */
if (MP_SIGN(&peer_pub) == MP_NEG
|| mp_int_compare(&peer_pub, &p) >= 0
|| mp_int_compare_value(&peer_pub, 1) <= 0)
{
mp_int_clear(&p);
mp_int_clear(&peer_pub);
return -1;
}
mp_int_init(&priv_key);
BN2mpz(&priv_key, dh->priv_key);
mp_int_init(&s);
mp_int_exptmod(&peer_pub, &priv_key, &p, &s);
mp_int_clear(&p);
mp_int_clear(&peer_pub);
mp_int_clear(&priv_key);
size = mp_int_unsigned_len(&s);
res = mp_int_to_unsigned(&s, shared, size);
mp_int_clear(&s);
return (res == MP_OK) ? size : -1;
}
static int
dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback)
{
/* groups should already be known, we don't care about this */
return 0;
}
static int
dh_init(DH *dh)
{
return 1;
}
static int
dh_finish(DH *dh)
{
return 1;
}
/*
*
*/
const DH_METHOD _hc_dh_imath_method = {
"hcrypto imath DH",
dh_generate_key,
dh_compute_key,
NULL,
dh_init,
dh_finish,
0,
NULL,
dh_generate_params
};
#endif /* USE_HCRYPTO_DH_IMATH */
/**
* DH implementation using libimath.
*
* @return the DH_METHOD for the DH implementation using libimath.
*
* @ingroup hcrypto_dh
*/
const DH_METHOD *
DH_imath_method(void)
{
#ifdef USE_HCRYPTO_DH_IMATH
return &_hc_dh_imath_method;
#else
return NULL;
#endif
}


@@ -235,9 +235,9 @@ const DH_METHOD _hc_dh_ltm_method = {
};
/**
* DH implementation using libimath.
* DH implementation using libtommath.
*
* @return the DH_METHOD for the DH implementation using libimath.
* @return the DH_METHOD for the DH implementation using libtommath.
*
* @ingroup hcrypto_dh
*/


@@ -235,9 +235,9 @@ const DH_METHOD _hc_dh_tfm_method = {
};
/**
* DH implementation using libimath.
* DH implementation using tfm.
*
* @return the DH_METHOD for the DH implementation using libimath.
* @return the DH_METHOD for the DH implementation using tfm.
*
* @ingroup hcrypto_dh
*/


@@ -445,8 +445,8 @@ static const DH_METHOD dh_null_method = {
dh_null_generate_params
};
extern const DH_METHOD _hc_dh_imath_method;
static const DH_METHOD *dh_default_method = &_hc_dh_imath_method;
extern const DH_METHOD _hc_dh_ltm_method;
static const DH_METHOD *dh_default_method = &_hc_dh_ltm_method;
/**
* Return the dummy DH implementation.
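Review bot: `static const DH_METHOD *dh_default_method = &_hc_dh_ltm_method;` makes the ltm backend's `dh_compute_key` the default path for every caller that does not select an engine, but that function is not part of this diff. The deleted imath backend refused peer public keys outside `1 < pub < p` before exponentiating (the `MP_SIGN`/`mp_int_compare` block in the removed `dh_compute_key` of dh-imath.c), so please confirm dh-ltm.c performs an equivalent range check; otherwise switching the default silently weakens peer-key validation. A one-line comment at the definition would also help the next reader: `/* ltm is the default; the tfm and gmp backends are only reachable via ENGINE selection */` — adjust if that is not the intended policy.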


@@ -40,7 +40,6 @@
/* symbol renaming */
#define DH_null_method hc_DH_null_method
#define DH_imath_method hc_DH_imath_method
#define DH_tfm_method hc_DH_tfm_method
#define DH_ltm_method hc_DH_ltm_method
#define DH_new hc_DH_new
@@ -119,7 +118,6 @@ struct DH {
const DH_METHOD *DH_null_method(void);
const DH_METHOD *DH_tfm_method(void);
const DH_METHOD *DH_ltm_method(void);
const DH_METHOD *DH_imath_method(void);
DH * DH_new(void);
DH * DH_new_method(ENGINE *);


@@ -284,26 +284,6 @@ ENGINE_load_builtin_engines(void)
ENGINE_finish(engine);
#endif
#ifdef USE_HCRYPTO_IMATH
/*
* imath
*/
engine = ENGINE_new();
if (engine == NULL)
return;
ENGINE_set_id(engine, "imath");
ENGINE_set_name(engine,
"Heimdal crypto imath engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_imath_method());
ENGINE_set_DH(engine, DH_imath_method());
ret = add_engine(engine);
if (ret != 1)
ENGINE_finish(engine);
#endif
#ifdef HAVE_GMP
/*
* gmp


@@ -1,21 +0,0 @@
IMath is Copyright © 2002-2008 Michael J. Fromberger
You may use it subject to the following Licensing Terms:
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.



@@ -1,231 +0,0 @@
/*
Name: imath.h
Purpose: Arbitrary precision integer arithmetic routines.
Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
Info: $Id: imath.h 635 2008-01-08 18:19:40Z sting $
Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#ifndef IMATH_H_
#define IMATH_H_
#include <limits.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef unsigned char mp_sign;
typedef unsigned int mp_size;
typedef int mp_result;
typedef long mp_small; /* must be a signed type */
typedef unsigned long mp_usmall; /* must be an unsigned type */
#ifdef USE_LONG_LONG
typedef unsigned int mp_digit;
typedef unsigned long long mp_word;
#else
typedef unsigned short mp_digit;
typedef unsigned int mp_word;
#endif
typedef struct mpz {
mp_digit single;
mp_digit *digits;
mp_size alloc;
mp_size used;
mp_sign sign;
} mpz_t, *mp_int;
#define MP_DIGITS(Z) ((Z)->digits)
#define MP_ALLOC(Z) ((Z)->alloc)
#define MP_USED(Z) ((Z)->used)
#define MP_SIGN(Z) ((Z)->sign)
extern const mp_result MP_OK;
extern const mp_result MP_FALSE;
extern const mp_result MP_TRUE;
extern const mp_result MP_MEMORY;
extern const mp_result MP_RANGE;
extern const mp_result MP_UNDEF;
extern const mp_result MP_TRUNC;
extern const mp_result MP_BADARG;
extern const mp_result MP_MINERR;
#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT)
#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT)
#define MP_SMALL_MIN LONG_MIN
#define MP_SMALL_MAX LONG_MAX
#define MP_USMALL_MIN ULONG_MIN
#define MP_USMALL_MAX ULONG_MAX
#ifdef USE_LONG_LONG
# ifndef ULONG_LONG_MAX
# ifdef ULLONG_MAX
# define ULONG_LONG_MAX ULLONG_MAX
# else
# error "Maximum value of unsigned long long not defined!"
# endif
# endif
# define MP_DIGIT_MAX (ULONG_MAX * 1ULL)
# define MP_WORD_MAX ULONG_LONG_MAX
#else
# define MP_DIGIT_MAX (USHRT_MAX * 1UL)
# define MP_WORD_MAX (UINT_MAX * 1UL)
#endif
#define MP_MIN_RADIX 2
#define MP_MAX_RADIX 36
/* Values with fewer than this many significant digits use the
standard multiplication algorithm; otherwise, a recursive algorithm
is used. Choose a value to suit your platform.
*/
#define MP_MULT_THRESH 22
#define MP_DEFAULT_PREC 8 /* default memory allocation, in digits */
extern const mp_sign MP_NEG;
extern const mp_sign MP_ZPOS;
#define mp_int_is_odd(Z) ((Z)->digits[0] & 1)
#define mp_int_is_even(Z) !((Z)->digits[0] & 1)
mp_result mp_int_init(mp_int z);
mp_int mp_int_alloc(void);
mp_result mp_int_init_size(mp_int z, mp_size prec);
mp_result mp_int_init_copy(mp_int z, mp_int old);
mp_result mp_int_init_value(mp_int z, mp_small value);
mp_result mp_int_set_value(mp_int z, mp_small value);
void mp_int_clear(mp_int z);
void mp_int_free(mp_int z);
mp_result mp_int_copy(mp_int a, mp_int c); /* c = a */
void mp_int_swap(mp_int a, mp_int c); /* swap a, c */
void mp_int_zero(mp_int z); /* z = 0 */
mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */
mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */
mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */
mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c);
mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */
mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c);
mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */
mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c);
mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c);
mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */
mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */
mp_int q, mp_int r); /* r = a % b */
mp_result mp_int_div_value(mp_int a, mp_small value, /* q = a / value */
mp_int q, mp_small *r); /* r = a % value */
mp_result mp_int_div_pow2(mp_int a, mp_small p2, /* q = a / 2^p2 */
mp_int q, mp_int r); /* r = q % 2^p2 */
mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */
#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R))
mp_result mp_int_expt(mp_int a, mp_small b, mp_int c); /* c = a^b */
mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c); /* c = a^b */
int mp_int_compare(mp_int a, mp_int b); /* a <=> b */
int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */
int mp_int_compare_zero(mp_int z); /* a <=> 0 */
int mp_int_compare_value(mp_int z, mp_small value); /* a <=> v */
/* Returns true if v|a, false otherwise (including errors) */
int mp_int_divisible_value(mp_int a, mp_small v);
/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */
int mp_int_is_pow2(mp_int z);
mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m,
mp_int c); /* c = a^b (mod m) */
mp_result mp_int_exptmod_evalue(mp_int a, mp_small value,
mp_int m, mp_int c); /* c = a^v (mod m) */
mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b,
mp_int m, mp_int c); /* c = v^b (mod m) */
mp_result mp_int_exptmod_known(mp_int a, mp_int b,
mp_int m, mp_int mu,
mp_int c); /* c = a^b (mod m) */
mp_result mp_int_redux_const(mp_int m, mp_int c);
mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */
mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */
mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */
mp_int x, mp_int y); /* c = ax + by */
mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c); /* c = lcm(a, b) */
mp_result mp_int_root(mp_int a, mp_small b, mp_int c); /* c = floor(a^{1/b}) */
#define mp_int_sqrt(a, c) mp_int_root(a, 2, c) /* c = floor(sqrt(a)) */
/* Convert to a small int, if representable; else MP_RANGE */
mp_result mp_int_to_int(mp_int z, mp_small *out);
mp_result mp_int_to_uint(mp_int z, mp_usmall *out);
/* Convert to nul-terminated string with the specified radix, writing at
most limit characters including the nul terminator */
mp_result mp_int_to_string(mp_int z, mp_size radix,
char *str, int limit);
/* Return the number of characters required to represent
z in the given radix. May over-estimate. */
mp_result mp_int_string_len(mp_int z, mp_size radix);
/* Read zero-terminated string into z */
mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str);
mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str,
char **end);
/* Return the number of significant bits in z */
mp_result mp_int_count_bits(mp_int z);
/* Convert z to two's complement binary, writing at most limit bytes */
mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit);
/* Read a two's complement binary value into z from the given buffer */
mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len);
/* Return the number of bytes required to represent z in binary. */
mp_result mp_int_binary_len(mp_int z);
/* Convert z to unsigned binary, writing at most limit bytes */
mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit);
/* Read an unsigned binary value into z from the given buffer */
mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len);
/* Return the number of bytes required to represent z as unsigned output */
mp_result mp_int_unsigned_len(mp_int z);
/* Return a statically allocated string describing error code res */
const char *mp_error_string(mp_result res);
#if DEBUG
void s_print(char *tag, mp_int z);
void s_print_buf(char *tag, mp_digit *buf, mp_size num);
#endif
#ifdef __cplusplus
}
#endif
#endif /* end IMATH_H_ */


@@ -1,26 +0,0 @@
#!/bin/sh
# $Id$
dir=$1
if test ! -f "$dir"/imdrover.c ; then
echo $dir doesnt seem to contain imath
exit 1
fi
rm *.[ch]
headers=`grep ^HDRS "$dir"/Makefile |sed 's/^HDRS=//' | sed 's/imdrover.h//'`
code=`echo $headers | sed 's/imrat.h//g'`
code=`echo $headers | sed 's/rsamath.h//g'`
code=`echo $headers | sed 's/\.h/.c/g'`
for a in $headers $code LICENSE ; do
cp "$dir"/"$a" .
done
echo "imathsource = \\"
for a in $headers $code ; do
echo " imath/$a \\"
done | sort


@@ -1,189 +0,0 @@
/*
Name: iprime.c
Purpose: Pseudoprimality testing routines
Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
Info: $Id: iprime.c 635 2008-01-08 18:19:40Z sting $
Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include "iprime.h"
#include <stdlib.h>
static const int s_ptab[] = {
3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
991, 997
#ifdef IMATH_LARGE_PRIME_TABLE
, 1009, 1013, 1019, 1021, 1031, 1033,
1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
4957, 4967, 4969, 4973, 4987, 4993, 4999
#endif
};
static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]);
/* {{{ mp_int_is_prime(z) */
/* Test whether z is likely to be prime:
MP_TRUE means it is probably prime
MP_FALSE means it is definitely composite
*/
mp_result mp_int_is_prime(mp_int z)
{
int i;
mp_small rem;
mp_result res;
/* First check for divisibility by small primes; this eliminates a
large number of composite candidates quickly
*/
for(i = 0; i < s_ptab_size; ++i) {
if((res = mp_int_div_value(z, s_ptab[i], NULL, &rem)) != MP_OK)
return res;
if(rem == 0)
return MP_FALSE;
}
/* Now try Fermat's test for several prime witnesses (since we now
know from the above that z is not a multiple of any of them)
*/
{
mpz_t tmp;
if((res = mp_int_init(&tmp)) != MP_OK) return res;
for(i = 0; i < 10 && i < s_ptab_size; ++i) {
if((res = mp_int_exptmod_bvalue(s_ptab[i], z, z, &tmp)) != MP_OK)
return res;
if(mp_int_compare_value(&tmp, s_ptab[i]) != 0) {
mp_int_clear(&tmp);
return MP_FALSE;
}
}
mp_int_clear(&tmp);
}
return MP_TRUE;
}
/* }}} */
/* {{{ mp_int_find_prime(z) */
/* Find the first apparent prime in ascending order from z */
mp_result mp_int_find_prime(mp_int z)
{
mp_result res;
if(mp_int_is_even(z) && ((res = mp_int_add_value(z, 1, z)) != MP_OK))
return res;
while((res = mp_int_is_prime(z)) == MP_FALSE) {
if((res = mp_int_add_value(z, 2, z)) != MP_OK)
break;
}
return res;
}
/* }}} */
/* Here there be dragons */


@@ -1,51 +0,0 @@
/*
Name: iprime.h
Purpose: Pseudoprimality testing routines
Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
Info: $Id: iprime.h 635 2008-01-08 18:19:40Z sting $
Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#ifndef IPRIME_H_
#define IPRIME_H_
#include "imath.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Test whether z is likely to be prime
MP_YES means it is probably prime
MP_NO means it is definitely composite
*/
mp_result mp_int_is_prime(mp_int z);
/* Find the first apparent prime in ascending order from z */
mp_result mp_int_find_prime(mp_int z);
#ifdef __cplusplus
}
#endif
#endif /* IPRIME_H_ */


@@ -66,7 +66,6 @@ EXPORTS
hc_DH_generate_parameters_ex
hc_DH_get_default_method
hc_DH_get_ex_data
hc_DH_imath_method
hc_DH_ltm_method
;! hc_DH_gmp_method
hc_DH_new
@@ -249,7 +248,6 @@ EXPORTS
hc_RSA_get_default_method
hc_RSA_get_method
hc_RSA_imath_method
hc_RSA_ltm_method ;!
hc_RSA_new
hc_RSA_new_method
hc_RSA_null_method


@@ -1,688 +0,0 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <krb5-types.h>
#include <assert.h>
#include <rsa.h>
#include <roken.h>
#ifdef USE_HCRYPTO_IMATH
#include "imath/imath.h"
#include "imath/iprime.h"
static void
BN2mpz(mpz_t *s, const BIGNUM *bn)
{
size_t len;
void *p;
mp_int_init(s);
len = BN_num_bytes(bn);
p = malloc(len);
BN_bn2bin(bn, p);
mp_int_read_unsigned(s, p, len);
free(p);
}
static BIGNUM *
mpz2BN(mpz_t *s)
{
size_t size;
BIGNUM *bn;
void *p;
size = mp_int_unsigned_len(s);
p = malloc(size);
if (p == NULL && size != 0)
return NULL;
mp_int_to_unsigned(s, p, size);
bn = BN_bin2bn(p, size, NULL);
free(p);
return bn;
}
static int random_num(mp_int, size_t);
static void
setup_blind(mp_int n, mp_int b, mp_int bi)
{
mp_int_init(b);
mp_int_init(bi);
random_num(b, mp_int_count_bits(n));
mp_int_mod(b, n, b);
mp_int_invmod(b, n, bi);
}
static void
blind(mp_int in, mp_int b, mp_int e, mp_int n)
{
mpz_t t1;
mp_int_init(&t1);
/* in' = (in * b^e) mod n */
mp_int_exptmod(b, e, n, &t1);
mp_int_mul(&t1, in, in);
mp_int_mod(in, n, in);
mp_int_clear(&t1);
}
static void
unblind(mp_int out, mp_int bi, mp_int n)
{
/* out' = (out * 1/b) mod n */
mp_int_mul(out, bi, out);
mp_int_mod(out, n, out);
}
static mp_result
rsa_private_calculate(mp_int in, mp_int p, mp_int q,
mp_int dmp1, mp_int dmq1, mp_int iqmp,
mp_int out)
{
mpz_t vp, vq, u;
mp_int_init(&vp); mp_int_init(&vq); mp_int_init(&u);
/* vq = c ^ (d mod (q - 1)) mod q */
/* vp = c ^ (d mod (p - 1)) mod p */
mp_int_mod(in, p, &u);
mp_int_exptmod(&u, dmp1, p, &vp);
mp_int_mod(in, q, &u);
mp_int_exptmod(&u, dmq1, q, &vq);
/* C2 = 1/q mod p (iqmp) */
/* u = (vp - vq)C2 mod p. */
mp_int_sub(&vp, &vq, &u);
if (mp_int_compare_zero(&u) < 0)
mp_int_add(&u, p, &u);
mp_int_mul(&u, iqmp, &u);
mp_int_mod(&u, p, &u);
/* c ^ d mod n = vq + u q */
mp_int_mul(&u, q, &u);
mp_int_add(&u, &vq, out);
mp_int_clear(&vp);
mp_int_clear(&vq);
mp_int_clear(&u);
return MP_OK;
}
/*
*
*/
static int
imath_rsa_public_encrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p, *p0;
mp_result res;
size_t size, padlen;
mpz_t enc, dec, n, e;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen)
return -2;
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
p = p0 = malloc(size - 1);
if (p0 == NULL) {
mp_int_clear(&e);
mp_int_clear(&n);
return -3;
}
padlen = size - flen - 3;
*p++ = 2;
if (RAND_bytes(p, padlen) != 1) {
mp_int_clear(&e);
mp_int_clear(&n);
free(p0);
return -4;
}
while(padlen) {
if (*p == 0)
*p = 1;
padlen--;
p++;
}
*p++ = 0;
memcpy(p, from, flen);
p += flen;
assert((p - p0) == size - 1);
mp_int_init(&enc);
mp_int_init(&dec);
mp_int_read_unsigned(&dec, p0, size - 1);
free(p0);
res = mp_int_exptmod(&dec, &e, &n, &enc);
mp_int_clear(&dec);
mp_int_clear(&e);
mp_int_clear(&n);
if (res != MP_OK)
return -4;
{
size_t ssize;
ssize = mp_int_unsigned_len(&enc);
assert(size >= ssize);
mp_int_to_unsigned(&enc, to, ssize);
size = ssize;
}
mp_int_clear(&enc);
return size;
}
static int
imath_rsa_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p;
mp_result res;
size_t size;
mpz_t s, us, n, e;
if (padding != RSA_PKCS1_PADDING)
return -1;
if (flen > RSA_size(rsa))
return -2;
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
#if 0
/* Check that the exponent is larger then 3 */
if (mp_int_compare_value(&e, 3) <= 0) {
mp_int_clear(&n);
mp_int_clear(&e);
return -3;
}
#endif
mp_int_init(&s);
mp_int_init(&us);
mp_int_read_unsigned(&s, rk_UNCONST(from), flen);
if (mp_int_compare(&s, &n) >= 0) {
mp_int_clear(&n);
mp_int_clear(&e);
return -4;
}
res = mp_int_exptmod(&s, &e, &n, &us);
mp_int_clear(&s);
mp_int_clear(&n);
mp_int_clear(&e);
if (res != MP_OK)
return -5;
p = to;
size = mp_int_unsigned_len(&us);
assert(size <= RSA_size(rsa));
mp_int_to_unsigned(&us, p, size);
mp_int_clear(&us);
/* head zero was skipped by mp_int_to_unsigned */
if (*p == 0)
return -6;
if (*p != 1)
return -7;
size--; p++;
while (size && *p == 0xff) {
size--; p++;
}
if (size == 0 || *p != 0)
return -8;
size--; p++;
memmove(to, p, size);
return size;
}
static int
imath_rsa_private_encrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p, *p0;
mp_result res;
int size;
mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen)
return -2;
p0 = p = malloc(size);
*p++ = 0;
*p++ = 1;
memset(p, 0xff, size - flen - 3);
p += size - flen - 3;
*p++ = 0;
memcpy(p, from, flen);
p += flen;
assert((p - p0) == size);
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
mp_int_init(&in);
mp_int_init(&out);
mp_int_read_unsigned(&in, p0, size);
free(p0);
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) {
size = -3;
goto out;
}
if (blinding) {
setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n);
do_unblind = 1;
}
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
mpz_t p, q, dmp1, dmq1, iqmp;
BN2mpz(&p, rsa->p);
BN2mpz(&q, rsa->q);
BN2mpz(&dmp1, rsa->dmp1);
BN2mpz(&dmq1, rsa->dmq1);
BN2mpz(&iqmp, rsa->iqmp);
res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
if (res != MP_OK) {
size = -4;
goto out;
}
} else {
mpz_t d;
BN2mpz(&d, rsa->d);
res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d);
if (res != MP_OK) {
size = -5;
goto out;
}
}
if (do_unblind)
unblind(&out, &bi, &n);
if (size > 0) {
size_t ssize;
ssize = mp_int_unsigned_len(&out);
assert(size >= ssize);
mp_int_to_unsigned(&out, to, size);
size = ssize;
}
out:
if (do_unblind) {
mp_int_clear(&b);
mp_int_clear(&bi);
}
mp_int_clear(&e);
mp_int_clear(&n);
mp_int_clear(&in);
mp_int_clear(&out);
return size;
}
static int
imath_rsa_private_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *ptr;
mp_result res;
int size;
mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (flen > size)
return -2;
mp_int_init(&in);
mp_int_init(&out);
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
res = mp_int_read_unsigned(&in, rk_UNCONST(from), flen);
if (res != MP_OK) {
size = -1;
goto out;
}
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) {
size = -2;
goto out;
}
if (blinding) {
setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n);
do_unblind = 1;
}
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
mpz_t p, q, dmp1, dmq1, iqmp;
BN2mpz(&p, rsa->p);
BN2mpz(&q, rsa->q);
BN2mpz(&dmp1, rsa->dmp1);
BN2mpz(&dmq1, rsa->dmq1);
BN2mpz(&iqmp, rsa->iqmp);
res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
if (res != MP_OK) {
size = -3;
goto out;
}
} else {
mpz_t d;
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0)
return MP_RANGE;
BN2mpz(&d, rsa->d);
res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d);
if (res != MP_OK) {
size = -4;
goto out;
}
}
if (do_unblind)
unblind(&out, &bi, &n);
ptr = to;
{
size_t ssize;
ssize = mp_int_unsigned_len(&out);
assert(size >= ssize);
mp_int_to_unsigned(&out, ptr, ssize);
size = ssize;
}
/* head zero was skipped by mp_int_to_unsigned */
if (*ptr != 2) {
size = -5;
goto out;
}
size--; ptr++;
while (size && *ptr != 0) {
size--; ptr++;
}
if (size == 0)
return -6;
size--; ptr++;
memmove(to, ptr, size);
out:
if (do_unblind) {
mp_int_clear(&b);
mp_int_clear(&bi);
}
mp_int_clear(&e);
mp_int_clear(&n);
mp_int_clear(&in);
mp_int_clear(&out);
return size;
}
static int
random_num(mp_int num, size_t len)
{
unsigned char *p;
mp_result res;
len = (len + 7) / 8;
p = malloc(len);
if (p == NULL)
return 1;
if (RAND_bytes(p, len) != 1) {
free(p);
return 1;
}
res = mp_int_read_unsigned(num, p, len);
free(p);
if (res != MP_OK)
return 1;
return 0;
}
#define CHECK(f, v) if ((f) != (v)) { goto out; }
static int
imath_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
mpz_t el, p, q, n, d, dmp1, dmq1, iqmp, t1, t2, t3;
int counter, ret;
if (bits < 789)
return -1;
ret = -1;
mp_int_init(&el);
mp_int_init(&p);
mp_int_init(&q);
mp_int_init(&n);
mp_int_init(&d);
mp_int_init(&dmp1);
mp_int_init(&dmq1);
mp_int_init(&iqmp);
mp_int_init(&t1);
mp_int_init(&t2);
mp_int_init(&t3);
BN2mpz(&el, e);
/* generate p and q so that p != q and bits(pq) ~ bits */
counter = 0;
do {
BN_GENCB_call(cb, 2, counter++);
CHECK(random_num(&p, bits / 2 + 1), 0);
CHECK(mp_int_find_prime(&p), MP_TRUE);
CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK);
CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK);
} while(mp_int_compare_value(&t2, 1) != 0);
BN_GENCB_call(cb, 3, 0);
counter = 0;
do {
BN_GENCB_call(cb, 2, counter++);
CHECK(random_num(&q, bits / 2 + 1), 0);
CHECK(mp_int_find_prime(&q), MP_TRUE);
if (mp_int_compare(&p, &q) == 0) /* don't let p and q be the same */
continue;
CHECK(mp_int_sub_value(&q, 1, &t1), MP_OK);
CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK);
} while(mp_int_compare_value(&t2, 1) != 0);
/* make p > q */
if (mp_int_compare(&p, &q) < 0)
mp_int_swap(&p, &q);
BN_GENCB_call(cb, 3, 1);
/* calculate n, n = p * q */
CHECK(mp_int_mul(&p, &q, &n), MP_OK);
/* calculate d, d = 1/e mod (p - 1)(q - 1) */
CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK);
CHECK(mp_int_sub_value(&q, 1, &t2), MP_OK);
CHECK(mp_int_mul(&t1, &t2, &t3), MP_OK);
CHECK(mp_int_invmod(&el, &t3, &d), MP_OK);
/* calculate dmp1 dmp1 = d mod (p-1) */
CHECK(mp_int_mod(&d, &t1, &dmp1), MP_OK);
/* calculate dmq1 dmq1 = d mod (q-1) */
CHECK(mp_int_mod(&d, &t2, &dmq1), MP_OK);
/* calculate iqmp iqmp = 1/q mod p */
CHECK(mp_int_invmod(&q, &p, &iqmp), MP_OK);
/* fill in RSA key */
rsa->e = mpz2BN(&el);
rsa->p = mpz2BN(&p);
rsa->q = mpz2BN(&q);
rsa->n = mpz2BN(&n);
rsa->d = mpz2BN(&d);
rsa->dmp1 = mpz2BN(&dmp1);
rsa->dmq1 = mpz2BN(&dmq1);
rsa->iqmp = mpz2BN(&iqmp);
ret = 1;
out:
mp_int_clear(&el);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&n);
mp_int_clear(&d);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
mp_int_clear(&t1);
mp_int_clear(&t2);
mp_int_clear(&t3);
return ret;
}
static int
imath_rsa_init(RSA *rsa)
{
return 1;
}
static int
imath_rsa_finish(RSA *rsa)
{
return 1;
}
const RSA_METHOD hc_rsa_imath_method = {
"hcrypto imath RSA",
imath_rsa_public_encrypt,
imath_rsa_public_decrypt,
imath_rsa_private_encrypt,
imath_rsa_private_decrypt,
NULL,
NULL,
imath_rsa_init,
imath_rsa_finish,
0,
NULL,
NULL,
NULL,
imath_rsa_generate_key
};
#endif
const RSA_METHOD *
RSA_imath_method(void)
{
#ifdef USE_HCRYPTO_IMATH
return &hc_rsa_imath_method;
#else
return NULL;
#endif
}


@@ -516,7 +516,6 @@ RSA_null_method(void)
}
extern const RSA_METHOD hc_rsa_gmp_method;
extern const RSA_METHOD hc_rsa_imath_method;
extern const RSA_METHOD hc_rsa_tfm_method;
extern const RSA_METHOD hc_rsa_ltm_method;
static const RSA_METHOD *default_rsa_method = &hc_rsa_ltm_method;


@@ -40,7 +40,6 @@
/* symbol renaming */
#define RSA_null_method hc_RSA_null_method
#define RSA_imath_method hc_RSA_imath_method
#define RSA_ltm_method hc_RSA_ltm_method
#define RSA_gmp_method hc_RSA_gmp_method
#define RSA_tfm_method hc_RSA_tfm_method
@@ -136,7 +135,6 @@ struct RSA {
*/
const RSA_METHOD *RSA_null_method(void);
const RSA_METHOD *RSA_imath_method(void);
const RSA_METHOD *RSA_gmp_method(void);
const RSA_METHOD *RSA_tfm_method(void);
const RSA_METHOD *RSA_ltm_method(void);


@@ -1,108 +0,0 @@
/*
* Copyright (c) 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include "imath/imath.h"
static void
umr_exptmod(void)
{
mp_result res;
mpz_t tmp, z;
res = mp_int_init(&tmp);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_init(&z);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_read_unsigned(&z, (void*)
"\x31\xD2\xA3\x66\xB0\x82\xD2\x61\x20\x85\xDF\xAE\x14\x73\x7C\x3A\xF5\x87\xCE\xED\xD6\x46\xBB\x45\x7C\xAF\x0F\x32\x56\xA7\x93\x87\x79\x36\xED\x29\xB8\xBF\x8B\xD8\x45\x6A\x87\x59\xDD\x03\x93\xD2\x8A\x61\xC0\x61\xA7\x7B\xA6\x24\x2A\xB6\x56\x80\x5D\xE9\x07\xD6\x1F\xF4\x00\xD7\xB4\x8B\xB0\xF9\xF5\x37\x52\xD2\x3A\xE5\xA5\xC4\x46\x65\x25\xEE\xE0\xCC\x12\x0A\x82\x68\x8B\xDF\x51\x92\xB5\x70\x87\xB5\x47\x3B\x40\xF7\x34\x35\x2E\x86\x08\x68\x6B\xAD\x2D\xB1\x12\x52\x9F\xF2\x1E\xB1\xFC\xA0\x19\x87\x7F\x6A\x1A\x35\xDA\xA1", 128);
if (res != MP_OK)
errx(1, "int_read");
res = mp_int_exptmod_bvalue(3, &z, &z, &tmp);
if (res != MP_OK)
errx(1, "exptmod_bvalue");
mp_int_clear(&tmp);
mp_int_clear(&z);
}
static void
abr_mp_int_mul(void)
{
mp_result res;
mpz_t t1, in;
res = mp_int_init(&t1);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_init(&in);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_read_unsigned(&t1, (void*)
"\x20\x12\xBB\x7C\xA7\x11\x2A\xF5\x4C\x17\xF5\x4B\x60\x6A\x02\x5C\xA8\x24\xBC\x9A\xDD\x94\x54\x99\xC9\x66\xCB\x45\x11\x5D\xA1\xD5\x69\x95\x0A\xE4\x23\x93\x24\x01\x55\x6F\xC6\xDC\xA1\x47\x54\xCC\x82\xCB\x07\xBD\x58\xCE\x31\x5E\x0E\x63\xEF\x9F\x04\xBB\xE2\xA0\xB5\x6B\x04\x58\x5E\xC6\x3D\xEE\x48\x57\x3A\x5C\x5E\xE3\xA7\xA9\xA3\x30\xE9\x76\x16\xCB\x70\xAF\x80\x01\xE1\xE0\xDD\xC0\x4F\x54\xA4\x76\xC4\x25\x30\x6A\x66\xC5\xCB\x47\xBE\x9F\xE9\x37\x72\xB5\x91\x3A\x0E\x24\xA6\xE6\xBB\x40\xB0\xDA\xE1\xAA\xB1\x0F\x1D\x9C\xD2\x63\x62\xD4\xFB\x2C\xD3\x46\xF1\x73\xB3\x48\xEF\x45\xC3\x00\xC9\xFA\x91\xB6\xB3\x58\x94\x25\x0C\xB4\xFA\x8B\x48\x70\xEF\x91\x04\x8C\x7C\xB6\x67\x82\x53\x42\xBD\xDB\x94\x7F\x77\x5A\xD5\x6D\x15\xB1\x6F\x44\x3A\x34\xE5\xCF\x99\x76\x11\xE5\x75\xBF\x19\xF4\x4A\x40\xAD\x2B\x72\xF1\x48\x3F\x2A\xE1\xFB\x9D\x8B\x43\x27\x6E\x99\x8F\x66\x99\xF5\x13\xE5\x16\x08\xAA\xBD\x99\x95\x30\xDB\x8D\xFA\x91\xAF\xD6\x2C\x28\x2C\xD2\xE9\xDE\x19\x7D\x2A\x99\x53\xD9\x6C\x07\x40\x99\x17\xE0\x22\xA0\x6F\x95\x65\xCC\x48\x4A\x8C\x56\x44\xBD",
258);
if (res != MP_OK)
errx(1, "int_read");
res = mp_int_read_unsigned(&in, (void*)
"\x00\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x68\x65\x6C\x6C\x6F\x2C\x20\x77\x6F\x72\x6C\x64\x21\x00",
258);
if (res != MP_OK)
errx(1, "int_read");
mp_int_mul(&t1, &in, &in);
mp_int_clear(&t1);
mp_int_clear(&in);
}
int
main(int argc, char **argv)
{
umr_exptmod();
abr_mp_int_mul();
return 0;
}


@@ -69,7 +69,6 @@ HEIMDAL_CRYPTO_1.0 {
hc_DH_generate_parameters_ex;
hc_DH_get_default_method;
hc_DH_get_ex_data;
hc_DH_imath_method;
hc_DH_ltm_method;
hc_DH_gmp_method;
hc_DH_new;
@@ -254,7 +253,6 @@ HEIMDAL_CRYPTO_1.0 {
hc_RSA_get_app_data;
hc_RSA_get_default_method;
hc_RSA_get_method;
hc_RSA_imath_method;
hc_RSA_new;
hc_RSA_new_method;
hc_RSA_null_method;