/* not in asn anymore since no actual asn types used */
int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz)
{
if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0)
return BAD_FUNC_ARG;
/* may have leading 0 */
if (p[0] == 0) {
pSz--; p++;
}
if (g[0] == 0) {
gSz--; g++;
}
if (mp_init(&key->p) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
mp_clear(&key->p);
return ASN_DH_KEY_E;
}
if (mp_init(&key->g) != MP_OKAY) {
mp_clear(&key->p);
return MP_INIT_E;
}
if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
mp_clear(&key->g);
mp_clear(&key->p);
return ASN_DH_KEY_E;
}
return 0;
}
int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
word32 privSz, const byte* otherPub, word32 pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
mp_int z;
if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
ret = MP_TO_E;
if (ret == 0)
*agreeSz = mp_unsigned_bin_size(&z);
mp_clear(&z);
mp_clear(&y);
mp_clear(&x);
return ret;
}
int DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer)
{
mp_int w, u1, u2, v, r, s;
int ret = 0;
if (mp_init_multi(&w, &u1, &u2, &v, &r, &s) != MP_OKAY)
return MP_INIT_E;
/* set r and s from signature */
if (mp_read_unsigned_bin(&r, sig, DSA_HALF_SIZE) != MP_OKAY ||
mp_read_unsigned_bin(&s, sig + DSA_HALF_SIZE, DSA_HALF_SIZE) != MP_OKAY)
ret = MP_READ_E;
/* sanity checks */
/* put H into u1 from sha digest */
if (ret == 0 && mp_read_unsigned_bin(&u1,digest,SHA_DIGEST_SIZE) != MP_OKAY)
ret = MP_READ_E;
/* w = s invmod q */
if (ret == 0 && mp_invmod(&s, &key->q, &w) != MP_OKAY)
ret = MP_INVMOD_E;
/* u1 = (H * w) % q */
if (ret == 0 && mp_mulmod(&u1, &w, &key->q, &u1) != MP_OKAY)
ret = MP_MULMOD_E;
/* u2 = (r * w) % q */
if (ret == 0 && mp_mulmod(&r, &w, &key->q, &u2) != MP_OKAY)
ret = MP_MULMOD_E;
/* verify v = ((g^u1 * y^u2) mod p) mod q */
if (ret == 0 && mp_exptmod(&key->g, &u1, &key->p, &u1) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_exptmod(&key->y, &u2, &key->p, &u2) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_mulmod(&u1, &u2, &key->p, &v) != MP_OKAY)
ret = MP_MULMOD_E;
if (ret == 0 && mp_mod(&v, &key->q, &v) != MP_OKAY)
ret = MP_MULMOD_E;
/* do they match */
if (ret == 0 && mp_cmp(&r, &v) == MP_EQ)
*answer = 1;
else
*answer = 0;
mp_clear(&s);
mp_clear(&r);
mp_clear(&u1);
mp_clear(&u2);
mp_clear(&w);
mp_clear(&v);
return ret;
}
/**
Import DSA public or private key-part from raw numbers
NB: The p, q & g parts must be set beforehand
@param in The key-part to import, either public or private.
@param inlen The key-part's length
@param type Which type of key (PK_PRIVATE or PK_PUBLIC)
@param key [out] the destination for the imported key
@return CRYPT_OK if successful.
*/
int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key)
{
int err, stat = 0;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(key->x != NULL);
LTC_ARGCHK(key->y != NULL);
LTC_ARGCHK(key->p != NULL);
LTC_ARGCHK(key->g != NULL);
LTC_ARGCHK(key->q != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (type == PK_PRIVATE) {
key->type = PK_PRIVATE;
if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto LBL_ERR; }
}
else {
key->type = PK_PUBLIC;
if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
}
if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { goto LBL_ERR; }
if (stat == 0) {
err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
return CRYPT_OK;
LBL_ERR:
dsa_free(key);
return err;
}
/**
Import RSA key from raw numbers
@param N RSA's N
@param Nlen RSA's N's length
@param e RSA's e
@param elen RSA's e's length
@param d RSA's d (only private key, NULL for public key)
@param dlen RSA's d's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_key(const unsigned char *N, unsigned long Nlen,
const unsigned char *e, unsigned long elen,
const unsigned char *d, unsigned long dlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(N != NULL);
LTC_ARGCHK(e != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL);
if (err != CRYPT_OK) return err;
if ((err = mp_read_unsigned_bin(key->N , (unsigned char *)N , Nlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->e , (unsigned char *)e , elen)) != CRYPT_OK) { goto LBL_ERR; }
if (d && dlen) {
if ((err = mp_read_unsigned_bin(key->d , (unsigned char *)d , dlen)) != CRYPT_OK) { goto LBL_ERR; }
key->type = PK_PRIVATE;
}
else {
key->type = PK_PUBLIC;
}
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
/**
Import DH public or private key part from raw numbers
NB: The p & g parts must be set beforehand
@param in The key-part to import, either public or private.
@param inlen The key-part's length
@param type Which type of key (PK_PRIVATE or PK_PUBLIC)
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (type == PK_PRIVATE) {
key->type = PK_PRIVATE;
if ((err = mp_read_unsigned_bin(key->x, (unsigned char*)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { goto LBL_ERR; }
}
else {
key->type = PK_PUBLIC;
if ((err = mp_read_unsigned_bin(key->y, (unsigned char*)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
}
/* check public key */
if ((err = dh_check_pubkey(key)) != CRYPT_OK) {
goto LBL_ERR;
}
return CRYPT_OK;
LBL_ERR:
dh_free(key);
return err;
}
/* Retrieve an mp_int from the buffer.
* Will fail for -ve since they shouldn't be required here.
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int buf_getmpint(buffer* buf, mp_int* mp) {
unsigned int len;
len = buf_getint(buf);
if (len == 0) {
mp_zero(mp);
return DROPBEAR_SUCCESS;
}
if (len > BUF_MAX_MPINT) {
return DROPBEAR_FAILURE;
}
/* check for negative */
if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) {
return DROPBEAR_FAILURE;
}
if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
return DROPBEAR_FAILURE;
}
buf_incrpos(buf, len);
return DROPBEAR_SUCCESS;
}
/**
* bignum_set_unsigned_bin - Set bignum based on unsigned binary buffer
* @n: Bignum from bignum_init(); to be set to the given value
* @buf: Buffer with unsigned binary value
* @len: Length of buf in octets
* Returns: 0 on success, -1 on failure
*/
int bignum_set_unsigned_bin(struct bignum *n, const u8 *buf, size_t len) {
if (mp_read_unsigned_bin((mp_int *) n, (u8 *) buf, len) != MP_OKAY) {
wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
return -1;
}
return 0;
}
int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
{
SrpHash hash;
byte digest[SRP_MAX_DIGEST_SIZE];
word32 digestSz;
int r;
if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
return BAD_FUNC_ARG;
if (!srp->salt)
return SRP_CALL_ORDER_E;
digestSz = SrpHashSize(srp->type);
/* digest = H(username | ':' | password) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1);
if (!r) r = SrpHashUpdate(&hash, password, size);
if (!r) r = SrpHashFinal(&hash, digest);
/* digest = H(salt | H(username | ':' | password)) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
if (!r) r = SrpHashFinal(&hash, digest);
/* Set x (private key) */
if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
ForceZero(digest, SRP_MAX_DIGEST_SIZE);
return r;
}
int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
{
if (!srp || !verifier || srp->side != SRP_SERVER_SIDE)
return BAD_FUNC_ARG;
return mp_read_unsigned_bin(&srp->auth, verifier, size);
}
cli_crt *crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const uint8_t *serial, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype) {
cli_crt *i;
mp_int sig;
int ret;
if(signature_len < 1024/8 || signature_len > 4096/8+1) {
cli_dbgmsg("crtmgr_verify_pkcs7: unsupported sig len: %u\n", signature_len);
return NULL;
}
if((ret = mp_init(&sig))) {
cli_errmsg("crtmgr_verify_pkcs7: mp_init failed with %d\n", ret);
return NULL;
}
if((ret=mp_read_unsigned_bin(&sig, signature, signature_len))) {
cli_warnmsg("crtmgr_verify_pkcs7: mp_read_unsigned_bin failed with %d\n", ret);
return NULL;
}
for(i = m->crts; i; i = i->next) {
if(vrfytype == VRFY_CODE && !i->codeSign)
continue;
if(vrfytype == VRFY_TIME && !i->timeSign)
continue;
if(!memcmp(i->issuer, issuer, sizeof(i->issuer)) &&
!memcmp(i->serial, serial, sizeof(i->serial)) &&
!crtmgr_rsa_verify(i, &sig, hashtype, refhash)) {
break;
}
}
mp_clear(&sig);
return i;
}
static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
byte* pub, word32* pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
ret = MP_TO_E;
if (ret == 0)
*pubSz = mp_unsigned_bin_size(&y);
mp_clear(&y);
mp_clear(&x);
return ret;
}
int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
{
unsigned char *buf;
int qsize, err;
if (rng == NULL || dsa == NULL)
return BAD_FUNC_ARG;
qsize = mp_unsigned_bin_size(&dsa->q);
if (qsize == 0)
return BAD_FUNC_ARG;
/* allocate ram */
buf = (unsigned char *)XMALLOC(qsize, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL)
return MEMORY_E;
if (mp_init(&dsa->x) != MP_OKAY) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
do {
/* make a random exponent mod q */
err = wc_RNG_GenerateBlock(rng, buf, qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
err = mp_read_unsigned_bin(&dsa->x, buf, qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
} while (mp_cmp_d(&dsa->x, 1) != MP_GT);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (mp_init(&dsa->y) != MP_OKAY) {
mp_clear(&dsa->x);
return MP_INIT_E;
}
/* public key : y = g^x mod p */
err = mp_exptmod(&dsa->g, &dsa->x, &dsa->p, &dsa->y);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
mp_clear(&dsa->y);
return err;
}
dsa->type = DSA_PRIVATE;
return MP_OKAY;
}
/**
Read a binary string into an mp_int
@param n [out] The mp_int destination
@param in The binary string to read
@param inlen The length of the binary string
@return CRYPT_OK if successful
*/
int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen)
{
int err;
/* read it */
if ((err = mp_read_unsigned_bin(n, in, inlen)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
return CRYPT_OK;
}
/**
Verify a DSA signature
@param r DSA "r" parameter
@param s DSA "s" parameter
@param hash The hash that was signed
@param hashlen The length of the hash that was signed
@param stat [out] The result of the signature verification, 1==valid, 0==invalid
@param key The corresponding public DH key
@return CRYPT_OK if successful (even if the signature is invalid)
*/
int dsa_verify_hash_raw( mp_int *r, mp_int *s,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key)
{
mp_int w, v, u1, u2;
int err;
LTC_ARGCHK(r != NULL);
LTC_ARGCHK(s != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
/* default to invalid signature */
*stat = 0;
/* init our variables */
if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* neither r or s can be null or >q*/
if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) {
err = CRYPT_INVALID_PACKET;
goto done;
}
/* w = 1/s mod q */
if ((err = mp_invmod(s, &key->q, &w)) != MP_OKAY) { goto error; }
/* u1 = m * w mod q */
if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
/* u2 = r*w mod q */
if ((err = mp_mulmod(r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
/* if r = v then we're set */
if (mp_cmp(r, &v) == MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
goto done;
error : err = mpi_to_ltc_error(err);
done : mp_clear_multi(&w, &v, &u1, &u2, NULL);
return err;
}
static void
BN2mpz(mp_int *s, const BIGNUM *bn)
{
size_t len;
void *p;
len = BN_num_bytes(bn);
p = malloc(len);
BN_bn2bin(bn, p);
mp_read_unsigned_bin(s, p, len);
free(p);
}
/**
Import factors of an RSA key from raw numbers
Only for private keys.
@param p RSA's p
@param plen RSA's p's length
@param q RSA's q
@param qlen RSA's q's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_factors(const unsigned char *p, unsigned long plen,
const unsigned char *q, unsigned long qlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(p != NULL);
LTC_ARGCHK(q != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; }
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
/**
Verify a DSA signature
@param r DSA "r" parameter
@param s DSA "s" parameter
@param hash The hash that was signed
@param hashlen The length of the hash that was signed
@param stat [out] The result of the signature verification, 1==valid, 0==invalid
@param key The corresponding public DH key
@return CRYPT_OK if successful (even if the signature is invalid)
*/
int dsa_verify_hash_raw( void *r, void *s,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key)
{
void *w, *v, *u1, *u2;
int err;
LTC_ARGCHK(r != NULL);
LTC_ARGCHK(s != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
/* default to invalid signature */
*stat = 0;
/* init our variables */
if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {
return err;
}
/* neither r or s can be null or >q*/
if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
err = CRYPT_INVALID_PACKET;
goto error;
}
/* w = 1/s mod q */
if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
/* u1 = m * w mod q */
if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
/* u2 = r*w mod q */
if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }
if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }
if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }
/* if r = v then we're set */
if (mp_cmp(r, v) == LTC_MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
error:
mp_clear_multi(w, v, u1, u2, NULL);
return err;
}
int pkcs_1_pss_test(void)
{
struct ltc_prng_descriptor* no_prng_desc = no_prng_desc_get();
int prng_idx = register_prng(no_prng_desc);
int hash_idx = find_hash("sha1");
unsigned int i;
unsigned int j;
DO(prng_is_valid(prng_idx));
DO(hash_is_valid(hash_idx));
for (i = 0; i < sizeof(testcases_pss)/sizeof(testcases_pss[0]); ++i) {
testcase_t* t = &testcases_pss[i];
rsa_key k, *key = &k;
DOX(mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
&key->dP, &key->qP, &key->p, &key->q, NULL), t->name);
DOX(mp_read_unsigned_bin(key->e, t->rsa.e, t->rsa.e_l), t->name);
DOX(mp_read_unsigned_bin(key->d, t->rsa.d, t->rsa.d_l), t->name);
DOX(mp_read_unsigned_bin(key->N, t->rsa.n, t->rsa.n_l), t->name);
DOX(mp_read_unsigned_bin(key->dQ, t->rsa.dQ, t->rsa.dQ_l), t->name);
DOX(mp_read_unsigned_bin(key->dP, t->rsa.dP, t->rsa.dP_l), t->name);
DOX(mp_read_unsigned_bin(key->qP, t->rsa.qInv, t->rsa.qInv_l), t->name);
DOX(mp_read_unsigned_bin(key->q, t->rsa.q, t->rsa.q_l), t->name);
DOX(mp_read_unsigned_bin(key->p, t->rsa.p, t->rsa.p_l), t->name);
key->type = PK_PRIVATE;
for (j = 0; j < sizeof(t->data)/sizeof(t->data[0]); ++j) {
rsaData_t* s = &t->data[j];
unsigned char buf[20], obuf[256];
unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
int stat;
prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
DOX(hash_memory(hash_idx, s->o1, s->o1_l, buf, &buflen), s->name);
DOX(rsa_sign_hash(buf, buflen, obuf, &obuflen, (prng_state*)no_prng_desc, prng_idx, hash_idx, s->o2_l, key), s->name);
DOX(obuflen == (unsigned long)s->o3_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(memcmp(s->o3, obuf, s->o3_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(rsa_verify_hash(obuf, obuflen, buf, buflen, hash_idx, s->o2_l, &stat, key), s->name);
DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
} /* for */
mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
} /* for */
unregister_prng(no_prng_desc);
no_prng_desc_free(no_prng_desc);
return 0;
}
int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
word32 privSz, const byte* otherPub, word32 pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
mp_int z;
if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
return DH_CHECK_PUB_E;
}
if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
ret = MP_TO_E;
if (ret == 0)
*agreeSz = mp_unsigned_bin_size(&z);
mp_clear(&z);
mp_clear(&y);
mp_clear(&x);
return ret;
}
int pkcs_1_eme_test(void)
{
int prng_idx = register_prng(&no_prng_desc);
int hash_idx = find_hash("sha1");
unsigned int i;
DO(prng_is_valid(prng_idx));
DO(hash_is_valid(hash_idx));
for (i = 0; i < sizeof(testcases_eme)/sizeof(testcases_eme[0]); ++i) {
testcase_t* t = &testcases_eme[i];
rsa_key k, *key = &k;
DOX(mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
&key->dP, &key->qP, &key->p, &key->q, NULL), t->name);
DOX(mp_read_unsigned_bin(key->e, t->rsa.e, t->rsa.e_l), t->name);
DOX(mp_read_unsigned_bin(key->d, t->rsa.d, t->rsa.d_l), t->name);
DOX(mp_read_unsigned_bin(key->N, t->rsa.n, t->rsa.n_l), t->name);
DOX(mp_read_unsigned_bin(key->dQ, t->rsa.dQ, t->rsa.dQ_l), t->name);
DOX(mp_read_unsigned_bin(key->dP, t->rsa.dP, t->rsa.dP_l), t->name);
DOX(mp_read_unsigned_bin(key->qP, t->rsa.qInv, t->rsa.qInv_l), t->name);
DOX(mp_read_unsigned_bin(key->q, t->rsa.q, t->rsa.q_l), t->name);
DOX(mp_read_unsigned_bin(key->p, t->rsa.p, t->rsa.p_l), t->name);
key->type = PK_PRIVATE;
unsigned int j;
for (j = 0; j < sizeof(t->data)/sizeof(t->data[0]); ++j) {
rsaData_t* s = &t->data[j];
unsigned char buf[256], obuf[256];
unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
int stat;
prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, NULL);
DOX(rsa_encrypt_key_ex(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, NULL, prng_idx, -1, LTC_PKCS_1_V1_5, key), s->name);
DOX(obuflen == (unsigned long)s->o3_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(memcmp(s->o3, obuf, s->o3_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(rsa_decrypt_key_ex(obuf, obuflen, buf, &buflen, NULL, 0, -1, LTC_PKCS_1_V1_5, &stat, key), s->name);
DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
} /* for */
mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
} /* for */
unregister_prng(&no_prng_desc);
return 0;
}
/**
Import CRT parameters of an RSA key from raw numbers
Only for private keys.
@param dP RSA's dP
@param dPlen RSA's dP's length
@param dQ RSA's dQ
@param dQlen RSA's dQ's length
@param qP RSA's qP
@param qPlen RSA's qP's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen,
const unsigned char *dQ, unsigned long dQlen,
const unsigned char *qP, unsigned long qPlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(dP != NULL);
LTC_ARGCHK(dQ != NULL);
LTC_ARGCHK(qP != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
if ((err = mp_read_unsigned_bin(key->dP, (unsigned char *)dP, dPlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->dQ, (unsigned char *)dQ, dQlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->qP, (unsigned char *)qP, qPlen)) != CRYPT_OK) { goto LBL_ERR; }
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
/**
Import DH key parts p and g from raw numbers
@param p DH's p (prime)
@param plen DH's p's length
@param g DH's g (group)
@param glen DH's g's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int dh_set_pg(const unsigned char *p, unsigned long plen,
const unsigned char *g, unsigned long glen,
dh_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(p != NULL);
LTC_ARGCHK(g != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) {
return err;
}
if ((err = mp_read_unsigned_bin(key->base, (unsigned char*)g, glen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->prime, (unsigned char*)p, plen)) != CRYPT_OK) { goto LBL_ERR; }
return CRYPT_OK;
LBL_ERR:
dh_free(key);
return err;
}
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
{
int err;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
if (src->buf == NULL)
return BAD_FUNC_ARG;
err = mp_read_unsigned_bin(dst, src->buf, src->len);
wc_bigint_free(src);
return err;
}
/**
Import DSA's p, q & g from raw numbers
@param p DSA's p in binary representation
@param plen The length of p
@param q DSA's q in binary representation
@param qlen The length of q
@param g DSA's g in binary representation
@param glen The length of g
@param key [out] the destination for the imported key
@return CRYPT_OK if successful.
*/
int dsa_set_pqg(const unsigned char *p, unsigned long plen,
const unsigned char *q, unsigned long qlen,
const unsigned char *g, unsigned long glen,
dsa_key *key)
{
int err, stat;
LTC_ARGCHK(p != NULL);
LTC_ARGCHK(q != NULL);
LTC_ARGCHK(g != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL);
if (err != CRYPT_OK) return err;
if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->q, (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; }
key->qord = mp_unsigned_bin_size(key->q);
/* do only a quick validation, without primality testing */
if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; }
if (stat == 0) {
err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
return CRYPT_OK;
LBL_ERR:
dsa_free(key);
return err;
}
static int mp_random(mp_int *mpi, const size_t bitsize) {
uint8_t *buf;
size_t size = bitsize / 8;
if(size > UINT_MAX)
return LNC_ERR_OVER;
if((buf = malloc(size)) == NULL)
return LNC_ERR_MALLOC;
lnc_fill_random(buf, (int)size, NULL);
mp_read_unsigned_bin(mpi, buf, (int)size);
free(buf);
return LNC_OK;
}
static int
random_num(mp_int *num, size_t len)
{
unsigned char *p;
len = (len + 7) / 8;
p = malloc(len);
if (p == NULL)
return 1;
if (RAND_bytes(p, len) != 1) {
free(p);
return 1;
}
mp_read_unsigned_bin(num, p, len);
free(p);
return 0;
}
/* read signed bin, big endian, first byte is 0==positive or 1==negative */
int mp_read_signed_bin MPA(mp_int * a, const unsigned char *b, int c)
{
int res;
/* read magnitude */
if ((res = mp_read_unsigned_bin (MPST, a, b + 1, c - 1)) != MP_OKAY) {
return res;
}
/* first byte is 0 for positive, non-zero for negative */
if (b[0] == 0) {
a->sign = MP_ZPOS;
} else {
a->sign = MP_NEG;
}
return MP_OKAY;
}
int pkcs_1_emsa_test(void)
{
int hash_idx = find_hash("sha1");
unsigned int i;
unsigned int j;
DO(hash_is_valid(hash_idx));
for (i = 0; i < sizeof(testcases_emsa)/sizeof(testcases_emsa[0]); ++i) {
testcase_t* t = &testcases_emsa[i];
rsa_key k, *key = &k;
DOX(mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
&key->dP, &key->qP, &key->p, &key->q, NULL), t->name);
DOX(mp_read_unsigned_bin(key->e, t->rsa.e, t->rsa.e_l), t->name);
DOX(mp_read_unsigned_bin(key->d, t->rsa.d, t->rsa.d_l), t->name);
DOX(mp_read_unsigned_bin(key->N, t->rsa.n, t->rsa.n_l), t->name);
DOX(mp_read_unsigned_bin(key->dQ, t->rsa.dQ, t->rsa.dQ_l), t->name);
DOX(mp_read_unsigned_bin(key->dP, t->rsa.dP, t->rsa.dP_l), t->name);
DOX(mp_read_unsigned_bin(key->qP, t->rsa.qInv, t->rsa.qInv_l), t->name);
DOX(mp_read_unsigned_bin(key->q, t->rsa.q, t->rsa.q_l), t->name);
DOX(mp_read_unsigned_bin(key->p, t->rsa.p, t->rsa.p_l), t->name);
key->type = PK_PRIVATE;
for (j = 0; j < sizeof(t->data)/sizeof(t->data[0]); ++j) {
rsaData_t* s = &t->data[j];
unsigned char buf[20], obuf[256];
unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
int stat;
DOX(hash_memory(hash_idx, s->o1, s->o1_l, buf, &buflen), s->name);
DOX(rsa_sign_hash_ex(buf, buflen, obuf, &obuflen, LTC_PKCS_1_V1_5, NULL, -1, hash_idx, 0, key), s->name);
DOX(obuflen == (unsigned long)s->o2_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(memcmp(s->o2, obuf, s->o2_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
DOX(rsa_verify_hash_ex(obuf, obuflen, buf, buflen, LTC_PKCS_1_V1_5, hash_idx, 0, &stat, key), s->name);
DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
} /* for */
mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
} /* for */
return 0;
}
rsa_keypair_t *rsa_read_public(const uint8_t *data, const size_t len) {
rsa_keypair_t *out;
uint32_t bytes_m, bytes_e;
size_t offs = 0;
if(checkdata(data, len, 2) == 0) return NULL;
if((out = emptypublic()) == NULL) return NULL;
mp_init_multi(out->modulus, out->public, NULL);
bytes_m = *(data + offs); offs += INT_SIZE;
mp_read_unsigned_bin(out->modulus, data + offs, bytes_m); offs += bytes_m;
bytes_e = *(data + offs); offs += INT_SIZE;
mp_read_unsigned_bin(out->public, data + offs, bytes_e); offs += bytes_m;
out->ksize_bytes = bytes_m;
return out;
}