RSA public-key cryptography.
RSA is documented in RFC 3447.
Definition in file rsa.c.
Allocate RSA dynamic storage.
- Parameters
-
context | RSA context |
modulus_len | Modulus length |
exponent_len | Exponent length |
- Return values
-
Definition at line 107 of file rsa.c.
112 bigint_t ( exponent_size ) *exponent;
116 bigint_t ( exponent_size ) exponent;
123 dynamic =
malloc (
sizeof ( *dynamic ) );
129 context->
modulus0 = &dynamic->modulus.element[0];
131 context->
max_len = modulus_len;
132 context->
exponent0 = &dynamic->exponent.element[0];
134 context->
input0 = &dynamic->input.element[0];
135 context->
output0 = &dynamic->output.element[0];
136 context->
tmp = &dynamic->tmp;
void * tmp
Temporary working space for modular exponentiation.
bigint_element_t * output0
Output buffer.
unsigned int exponent_size
Exponent size.
bigint_element_t * modulus0
Modulus.
#define ENOMEM
Not enough space.
#define bigint_mod_exp_tmp_len(modulus, exponent)
Calculate temporary working space required for moduluar exponentiation.
unsigned int size
Modulus size.
size_t max_len
Modulus length.
void * dynamic
Allocated memory.
bigint_element_t * input0
Input buffer.
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
void * malloc(size_t size)
Allocate memory.
bigint_element_t * exponent0
Exponent.
uint8_t size
Entry size (in 32-bit words)
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
References __attribute__, bigint_mod_exp_tmp_len, bigint_required_size, bigint_t(), rsa_context::dynamic, ENOMEM, rsa_context::exponent0, rsa_context::exponent_size, rsa_context::input0, malloc(), rsa_context::max_len, rsa_context::modulus0, rsa_context::output0, size, rsa_context::size, tmp, and rsa_context::tmp.
Referenced by rsa_init().
Parse RSA modulus and exponent.
- Parameters
-
modulus | Modulus to fill in |
exponent | Exponent to fill in |
raw | ASN.1 cursor |
- Return values
-
Definition at line 177 of file rsa.c.
186 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
200 &rsa_encryption_algorithm ) == 0 ) {
227 cursor.len =
bits.len;
struct arbelprm_rc_send_wqe rc
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
static unsigned int asn1_type(const struct asn1_cursor *cursor)
Extract ASN.1 type.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int rsa_parse_integer(struct asn1_cursor *integer, const struct asn1_cursor *raw)
Parse RSA integer.
int asn1_check_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm *expected)
Check ASN.1 OID-identified algorithm.
int asn1_integral_bit_string(const struct asn1_cursor *cursor, struct asn1_bit_string *bits)
Parse ASN.1 bit string that must be an integral number of bytes.
#define ASN1_SEQUENCE
ASN.1 sequence.
#define ASN1_INTEGER
ASN.1 integer.
static volatile void * bits
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
struct arbelprm_wqe_segment_data_ptr data[ARBEL_MAX_GATHER]
#define ASN1_OCTET_STRING
ASN.1 octet string.
References asn1_check_algorithm(), asn1_enter(), ASN1_INTEGER, asn1_integral_bit_string(), ASN1_OCTET_STRING, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_type(), bits, asn1_cursor::data, asn1_cursor::len, memcpy(), raw, rc, and rsa_parse_integer().
Referenced by rsa_init(), rsa_match(), and rsa_max_len().
Initialise RSA cipher.
- Parameters
-
context | RSA context |
key | Key |
- Return values
-
Definition at line 256 of file rsa.c.
263 memset ( context, 0,
sizeof ( *context ) );
267 DBGC ( context,
"RSA %p invalid modulus/exponent:\n", context );
272 DBGC ( context,
"RSA %p modulus:\n", context );
273 DBGC_HDA ( context, 0, modulus.data, modulus.len );
274 DBGC ( context,
"RSA %p exponent:\n", context );
275 DBGC_HDA ( context, 0, exponent.data, exponent.len );
278 if ( (
rc =
rsa_alloc ( context, modulus.len, exponent.len ) ) != 0 )
283 modulus.data, modulus.len );
285 context->
exponent0 ), exponent.data, exponent.len );
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
struct arbelprm_rc_send_wqe rc
unsigned int exponent_size
Exponent size.
#define bigint_init(value, data, len)
Initialise big integer.
bigint_element_t * modulus0
Modulus.
unsigned int size
Modulus size.
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
bigint_element_t * exponent0
Exponent.
static int rsa_alloc(struct rsa_context *context, size_t modulus_len, size_t exponent_len)
Allocate RSA dynamic storage.
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
void * memset(void *dest, int character, size_t len) __nonnull
References bigint_init, bigint_t(), asn1_cursor::data, DBGC, DBGC_HDA, rsa_context::exponent0, rsa_context::exponent_size, key, asn1_cursor::len, memset(), rsa_context::modulus0, rc, rsa_alloc(), rsa_free(), rsa_parse_mod_exp(), and rsa_context::size.
Referenced by rsa_decrypt(), rsa_encrypt(), rsa_sign(), and rsa_verify().
static void rsa_cipher |
( |
struct rsa_context * |
context, |
|
|
const void * |
in, |
|
|
void * |
out |
|
) |
| |
|
static |
Perform RSA cipher operation.
- Parameters
-
context | RSA context |
in | Input buffer |
out | Output buffer |
Definition at line 323 of file rsa.c.
void * tmp
Temporary working space for modular exponentiation.
bigint_element_t * output0
Output buffer.
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
Perform modular exponentiation of big integers.
unsigned int exponent_size
Exponent size.
#define bigint_init(value, data, len)
Initialise big integer.
bigint_element_t * modulus0
Modulus.
unsigned int size
Modulus size.
size_t max_len
Modulus length.
bigint_element_t * input0
Input buffer.
#define bigint_done(value, out, len)
Finalise big integer.
bigint_element_t * exponent0
Exponent.
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
References bigint_done, bigint_init, bigint_mod_exp, bigint_t(), rsa_context::exponent0, rsa_context::exponent_size, in, rsa_context::input0, rsa_context::max_len, rsa_context::modulus0, out, rsa_context::output0, rsa_context::size, and rsa_context::tmp.
Referenced by rsa_decrypt(), rsa_encrypt(), rsa_sign(), and rsa_verify().
static int rsa_encrypt |
( |
const struct asn1_cursor * |
key, |
|
|
const void * |
plaintext, |
|
|
size_t |
plaintext_len, |
|
|
void * |
ciphertext |
|
) |
| |
|
static |
Encrypt using RSA.
- Parameters
-
key | Key |
plaintext | Plaintext |
plaintext_len | Length of plaintext |
ciphertext | Ciphertext |
- Return values
-
ciphertext_len | Length of ciphertext, or negative error |
Definition at line 350 of file rsa.c.
356 size_t random_nz_len;
359 DBGC ( &context,
"RSA %p encrypting:\n", &context );
360 DBGC_HDA ( &context, 0, plaintext, plaintext_len );
367 max_len = ( context.max_len - 11 );
368 random_nz_len = (
max_len - plaintext_len + 8 );
371 if ( plaintext_len >
max_len ) {
372 DBGC ( &context,
"RSA %p plaintext too long (%zd bytes, max " 373 "%zd)\n", &context, plaintext_len,
max_len );
381 temp = context.output0;
386 DBGC ( &context,
"RSA %p could not generate random data: %s\n",
390 encoded[ 2 + random_nz_len ] = 0x00;
391 memcpy ( &encoded[ context.max_len - plaintext_len ],
392 plaintext, plaintext_len );
396 DBGC ( &context,
"RSA %p encrypted:\n", &context );
397 DBGC_HDA ( &context, 0, ciphertext, context.max_len );
402 return context.max_len;
struct arbelprm_rc_send_wqe rc
int get_random_nz(void *data, size_t len)
Get random non-zero bytes.
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
size_t max_len
Modulus length.
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
#define ERANGE
Result too large.
char * strerror(int errno)
Retrieve string representation of error number.
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
References DBGC, DBGC_HDA, ERANGE, get_random_nz(), key, rsa_context::max_len, memcpy(), rsa_context::output0, rc, rsa_cipher(), rsa_free(), rsa_init(), and strerror().
static int rsa_decrypt |
( |
const struct asn1_cursor * |
key, |
|
|
const void * |
ciphertext, |
|
|
size_t |
ciphertext_len, |
|
|
void * |
plaintext |
|
) |
| |
|
static |
Decrypt using RSA.
- Parameters
-
key | Key |
ciphertext | Ciphertext |
ciphertext_len | Ciphertext length |
plaintext | Plaintext |
- Return values
-
plaintext_len | Plaintext length, or negative error |
Definition at line 420 of file rsa.c.
428 size_t plaintext_len;
431 DBGC ( &context,
"RSA %p decrypting:\n", &context );
432 DBGC_HDA ( &context, 0, ciphertext, ciphertext_len );
439 if ( ciphertext_len != context.max_len ) {
440 DBGC ( &context,
"RSA %p ciphertext incorrect length (%zd " 441 "bytes, should be %zd)\n",
442 &context, ciphertext_len, context.max_len );
450 temp = context.input0;
455 end = ( encoded + context.max_len );
456 if ( ( encoded[0] != 0x00 ) || ( encoded[1] != 0x02 ) ) {
460 zero =
memchr ( &encoded[2], 0, (
end - &encoded[2] ) );
465 start = ( zero + 1 );
470 DBGC ( &context,
"RSA %p decrypted:\n", &context );
471 DBGC_HDA ( &context, 0, plaintext, plaintext_len );
476 return plaintext_len;
479 DBGC ( &context,
"RSA %p invalid decrypted message:\n", &context );
480 DBGC_HDA ( &context, 0, encoded, context.max_len );
#define EINVAL
Invalid argument.
struct arbelprm_rc_send_wqe rc
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
void * memchr(const void *src, int character, size_t len)
Find character within a memory region.
uint32_t start
Starting offset.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
#define ERANGE
Result too large.
uint32_t end
Ending offset.
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
References DBGC, DBGC_HDA, EINVAL, end, ERANGE, rsa_context::input0, key, rsa_context::max_len, memchr(), memcpy(), rc, rsa_cipher(), rsa_free(), rsa_init(), and start.
Encode RSA digest.
- Parameters
-
context | RSA context |
digest | Digest algorithm |
value | Digest value |
encoded | Encoded digest |
- Return values
-
Definition at line 496 of file rsa.c.
502 size_t digestinfo_len;
509 DBGC ( context,
"RSA %p has no prefix for %s\n",
513 digestinfo_len = (
prefix->len + digest_len );
516 max_len = ( context->
max_len - 11 );
517 if ( digestinfo_len > max_len ) {
518 DBGC ( context,
"RSA %p %s digestInfo too long (%zd bytes, " 519 "max %zd)\n", context,
digest->
name, digestinfo_len,
523 DBGC ( context,
"RSA %p encoding %s digest:\n",
530 pad_len = ( max_len - digestinfo_len + 8 );
539 DBGC ( context,
"RSA %p encoded %s digest:\n", context,
digest->
name );
static struct rsa_digestinfo_prefix * rsa_find_prefix(struct digest_algorithm *digest)
Identify RSA prefix.
#define ENOTSUP
Operation not supported.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
pseudo_bit_t value[0x00020]
size_t max_len
Modulus length.
#define ERANGE
Result too large.
An RSA digestInfo prefix.
size_t digestsize
Digest size.
const char * name
Algorithm name.
struct digest_algorithm * digest
Digest algorithm.
void * memset(void *dest, int character, size_t len) __nonnull
References assert(), DBGC, DBGC_HDA, rsa_digestinfo_prefix::digest, digest_algorithm::digestsize, ENOTSUP, ERANGE, rsa_context::max_len, memcpy(), memset(), digest_algorithm::name, pad_len, prefix, rsa_find_prefix(), and value.
Referenced by rsa_sign(), and rsa_verify().
Sign digest value using RSA.
- Parameters
-
key | Key |
digest | Digest algorithm |
value | Digest value |
signature | Signature |
- Return values
-
signature_len | Signature length, or negative error |
Definition at line 554 of file rsa.c.
561 DBGC ( &context,
"RSA %p signing %s digest:\n",
562 &context, digest->
name );
572 temp = context.output0;
578 DBGC ( &context,
"RSA %p signed %s digest:\n", &context, digest->
name );
584 return context.max_len;
struct arbelprm_rc_send_wqe rc
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
pseudo_bit_t value[0x00020]
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
size_t digestsize
Digest size.
const char * name
Algorithm name.
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
u8 signature
CPU signature.
References DBGC, DBGC_HDA, digest_algorithm::digestsize, key, rsa_context::max_len, digest_algorithm::name, rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), rsa_free(), rsa_init(), signature, and value.
Verify signed digest value using RSA.
- Parameters
-
key | Key |
digest | Digest algorithm |
value | Digest value |
signature | Signature |
signature_len | Signature length |
- Return values
-
Definition at line 602 of file rsa.c.
611 DBGC ( &context,
"RSA %p verifying %s digest:\n",
612 &context, digest->
name );
621 if ( signature_len != context.max_len ) {
622 DBGC ( &context,
"RSA %p signature incorrect length (%zd " 623 "bytes, should be %zd)\n",
624 &context, signature_len, context.max_len );
632 temp = context.input0;
635 DBGC ( &context,
"RSA %p deciphered signature:\n", &context );
636 DBGC_HDA ( &context, 0, expected, context.max_len );
641 temp = context.output0;
648 if (
memcmp ( actual, expected, context.max_len ) != 0 ) {
649 DBGC ( &context,
"RSA %p signature verification failed\n",
658 DBGC ( &context,
"RSA %p signature verified successfully\n", &context );
struct arbelprm_rc_send_wqe rc
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
pseudo_bit_t value[0x00020]
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
#define ERANGE
Result too large.
size_t digestsize
Digest size.
const char * name
Algorithm name.
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
u8 signature
CPU signature.
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
References DBGC, DBGC_HDA, digest_algorithm::digestsize, EACCES_VERIFY, ERANGE, rsa_context::input0, key, rsa_context::max_len, memcmp(), digest_algorithm::name, rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), rsa_free(), rsa_init(), signature, and value.