1 /***************************************************************************
3 * Part II Project, "A secure, private IP network"
4 * Stephen Early <sde1000@cam.ac.uk>
9 * Description: RSA signature making and checking functions
11 * Copyright: (C) Stephen Early 1995
15 * $Date: 1996/05/16 18:40:14 $
19 ***************************************************************************/
22 * Revision 1.1 1996/05/16 18:40:14 sde1000
32 #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
36 struct rsaprivkey_if ops;
43 struct rsapubkey_if ops;
48 /* Sign data. NB data must be smaller than modulus */
50 static char *hexchars="0123456789abcdef";
52 static string_t rsa_sign(void *sst, uint8_t *data, uint32_t datalen)
54 struct rsapriv *st=sst;
63 msize=mpz_sizeinbase(&st->n, 16);
67 for (i=0; i<datalen; i++) {
68 buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
69 buff[5+i*2]=hexchars[data[i]&0xf];
73 for (i=datalen*2+4; i<msize; i++)
78 mpz_set_str(&a, buff, 16);
80 mpz_powm(&b, &a, &st->d, &st->n);
82 signature=write_mpstring(&b);
89 static bool_t rsa_sig_check(void *sst, uint8_t *data, uint32_t datalen,
92 struct rsapub *st=sst;
102 msize=mpz_sizeinbase(&st->n, 16);
106 for (i=0; i<datalen; i++) {
107 buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
108 buff[5+i*2]=hexchars[data[i]&0xf];
112 for (i=datalen*2+4; i<msize; i++)
117 mpz_set_str(&a, buff, 16);
119 mpz_set_str(&b, signature, 16);
121 mpz_powm(&c, &b, &st->e, &st->n);
123 ok=(mpz_cmp(&a, &c)==0);
132 static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
139 st=safe_malloc(sizeof(*st),"rsapub_apply");
140 st->cl.description="rsapub";
141 st->cl.type=CL_RSAPUBKEY;
143 st->cl.interface=&st->ops;
145 st->ops.check=rsa_sig_check;
150 if (i->type!=t_string) {
151 cfgfatal(i->loc,"rsa-public","first argument must be a string");
154 if (mpz_init_set_str(&st->e,e,10)!=0) {
155 cfgfatal(i->loc,"rsa-public","encryption key \"%s\" is not a "
156 "decimal number string\n",e);
159 cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
164 if (i->type!=t_string) {
165 cfgfatal(i->loc,"rsa-public","second argument must be a string");
168 if (mpz_init_set_str(&st->n,n,10)!=0) {
169 cfgfatal(i->loc,"rsa-public","modulus \"%s\" is not a decimal "
170 "number string\n",n);
173 cfgfatal(loc,"rsa-public","you must provide a modulus\n");
175 return new_closure(&st->cl);
178 static uint32_t keyfile_get_int(FILE *f)
188 static uint16_t keyfile_get_short(FILE *f)
196 static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
206 MP_INT e,sig,plain,check;
208 st=safe_malloc(sizeof(*st),"rsapriv_apply");
209 st->cl.description="rsapriv";
210 st->cl.type=CL_RSAPRIVKEY;
212 st->cl.interface=&st->ops;
214 st->ops.sign=rsa_sign;
217 /* Argument is filename pointing to SSH1 private key file */
220 if (i->type!=t_string) {
221 cfgfatal(i->loc,"rsa-public","first argument must be a string");
223 filename=i->data.string;
225 filename=""; /* Make compiler happy */
226 cfgfatal(loc,"rsa-private","you must provide a filename\n");
229 f=fopen(filename,"rb");
231 fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
232 loc.file,loc.line,filename);
235 /* Check that the ID string is correct */
236 length=strlen(AUTHFILE_ID_STRING)+1;
237 b=safe_malloc(length,"rsapriv_apply");
238 if (fread(b,length,1,f)!=1 || memcmp(b,AUTHFILE_ID_STRING,length)!=0) {
239 cfgfatal(loc,"rsa-private","file \"%s\" is not a "
240 "SSH1 private keyfile\n",filename);
244 cipher_type=fgetc(f);
245 keyfile_get_int(f); /* "Reserved data" */
246 if (cipher_type != 0) {
247 cfgfatal(loc,"rsa-private","we don't support encrypted keyfiles\n");
250 /* Read the public key */
251 keyfile_get_int(f); /* Not sure what this is */
252 length=(keyfile_get_short(f)+7)/8;
254 cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
257 b=safe_malloc(length,"rsapriv_apply");
258 if (fread(b,length,1,f) != 1) {
259 cfgfatal(loc,"rsa-private","error reading modulus\n");
262 read_mpbin(&st->n,b,length);
264 length=(keyfile_get_short(f)+7)/8;
266 cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
268 b=safe_malloc(length,"rsapriv_apply");
269 if (fread(b,length,1,f)!=1) {
270 cfgfatal(loc,"rsa-private","error reading e\n");
273 read_mpbin(&e,b,length);
276 length=keyfile_get_int(f);
278 cfgfatal(loc,"rsa-private","implausibly long (%ld) key comment\n",
281 c=safe_malloc(length+1,"rsapriv_apply");
282 if (fread(c,length,1,f)!=1) {
283 cfgfatal(loc,"rsa-private","error reading key comment\n");
287 /* Check that the next two pairs of characters are identical - the
288 keyfile is not encrypted, so they should be */
289 if (keyfile_get_short(f) != keyfile_get_short(f)) {
290 cfgfatal(loc,"rsa-private","corrupt keyfile\n");
294 length=(keyfile_get_short(f)+7)/8;
296 cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
299 b=safe_malloc(length,"rsapriv_apply");
300 if (fread(b,length,1,f)!=1) {
301 cfgfatal(loc,"rsa-private","error reading decryption key\n");
304 read_mpbin(&st->d,b,length);
308 fatal_perror("rsa-private (%s:%d): fclose",loc.file,loc.line);
311 /* Now do trial signature/check to make sure it's a real keypair:
312 sign the comment string! */
316 read_mpbin(&plain,c,strlen(c));
317 mpz_powm(&sig, &plain, &st->d, &st->n);
318 mpz_powm(&check, &sig, &e, &st->n);
319 if (mpz_cmp(&plain,&check)!=0) {
320 cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
321 "valid RSA key!\n",filename);
330 return new_closure(&st->cl);
333 init_module rsa_module;
334 void rsa_module(dict_t *dict)
336 add_closure(dict,"rsa-private",rsapriv_apply);
337 add_closure(dict,"rsa-public",rsapub_apply);