1 /* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
2 * except that they are used to RSA encrypt/decrypt a single value and not a packet.
4 int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
5 unsigned char *outkey, unsigned long *outlen,
6 prng_state *prng, int wprng, rsa_key *key)
8 unsigned char rsa_in[4096], rsa_out[4096];
9 unsigned long x, y, rsa_size;
12 _ARGCHK(inkey != NULL);
13 _ARGCHK(outkey != NULL);
14 _ARGCHK(outlen != NULL);
17 /* only allow keys from 64 to 256 bits */
18 if (inlen < 8 || inlen > 32) {
19 return CRYPT_INVALID_ARG;
22 /* are the parameters valid? */
23 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
27 /* rsa_pad the symmetric key */
28 y = (unsigned long)sizeof(rsa_in);
29 if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
34 rsa_size = (unsigned long)sizeof(rsa_out);
35 if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
40 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
41 return CRYPT_BUFFER_OVERFLOW;
44 /* now lets make the header */
47 /* store the size of the RSA value */
48 STORE32L(rsa_size, (outkey+y));
51 /* store the rsa value */
52 for (x = 0; x < rsa_size; x++, y++) {
53 outkey[y] = rsa_out[x];
57 packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY);
61 zeromem(rsa_in, sizeof(rsa_in));
62 zeromem(rsa_out, sizeof(rsa_out));
68 int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
69 unsigned char *outkey, unsigned long *keylen,
72 unsigned char sym_key[MAXBLOCKSIZE], rsa_out[4096];
73 unsigned long x, y, z, i, rsa_size;
77 _ARGCHK(outkey != NULL);
78 _ARGCHK(keylen != NULL);
82 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
83 return CRYPT_PK_NOT_PRIVATE;
86 if (inlen < PACKET_SIZE+4) {
87 return CRYPT_INVALID_PACKET;
89 inlen -= PACKET_SIZE+4;
92 /* check the header */
93 if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
97 /* grab length of the rsa key */
99 LOAD32L(rsa_size, (in+y));
100 if (inlen < rsa_size) {
101 return CRYPT_INVALID_PACKET;
108 x = (unsigned long)sizeof(rsa_out);
109 if ((err = rsa_exptmod(in+y, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) {
115 z = (unsigned long)sizeof(sym_key);
116 if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
122 return CRYPT_BUFFER_OVERFLOW;
125 for (i = 0; i < z; i++) {
126 outkey[i] = sym_key[i];
131 zeromem(sym_key, sizeof(sym_key));
132 zeromem(rsa_out, sizeof(rsa_out));
138 int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
139 unsigned char *out, unsigned long *outlen,
142 unsigned long rsa_size, x, y;
143 unsigned char rsa_in[4096], rsa_out[4096];
147 _ARGCHK(out != NULL);
148 _ARGCHK(outlen != NULL);
149 _ARGCHK(key != NULL);
151 /* reject nonsense sizes */
152 if (inlen > MAXBLOCKSIZE || inlen < 16) {
153 return CRYPT_INVALID_ARG;
157 if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
158 return CRYPT_PK_NOT_PRIVATE;
162 x = (unsigned long)sizeof(rsa_out);
163 if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) {
168 rsa_size = (unsigned long)sizeof(rsa_in);
169 if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
174 if (*outlen < (PACKET_SIZE+4+rsa_size)) {
175 return CRYPT_BUFFER_OVERFLOW;
178 /* now lets output the message */
182 STORE32L(rsa_size, (out+y));
185 /* store the signature */
186 for (x = 0; x < rsa_size; x++, y++) {
191 packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED);
195 zeromem(rsa_in, sizeof(rsa_in));
196 zeromem(rsa_out, sizeof(rsa_out));
202 int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
203 const unsigned char *md, int *stat, rsa_key *key)
205 unsigned long rsa_size, x, y, z;
206 unsigned char rsa_in[4096], rsa_out[4096];
209 _ARGCHK(sig != NULL);
211 _ARGCHK(stat != NULL);
212 _ARGCHK(key != NULL);
214 /* always be incorrect by default */
217 if (siglen < PACKET_SIZE+4) {
218 return CRYPT_INVALID_PACKET;
220 siglen -= PACKET_SIZE+4;
224 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
230 LOAD32L(rsa_size, (sig+y));
231 if (siglen < rsa_size) {
232 return CRYPT_INVALID_PACKET;
239 x = (unsigned long)sizeof(rsa_out);
240 if ((err = rsa_exptmod(sig+y, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
246 z = (unsigned long)sizeof(rsa_in);
247 if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
252 if (memcmp(rsa_in, md, (size_t)z) == 0) {
257 zeromem(rsa_in, sizeof(rsa_in));
258 zeromem(rsa_out, sizeof(rsa_out));