Commit ca371a48 authored by Michael Jung's avatar Michael Jung Committed by Alexandre Julliard

Incorporated LibTomCrypt code into rsaenh to get rid of OpenSSL

dependencies.
parent c50d8743
......@@ -7,8 +7,14 @@ MODULE = rsaenh.dll
IMPORTS = advapi32 kernel32
C_SRCS = \
des.c \
handle.c \
implossl.c \
implglue.c \
md2.c \
mpi.c \
rc2.c \
rc4.c \
rsa.c \
rsaenh.c
SUBDIRS = tests
......
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
* dlls/rsaenh/implossl.h
* Encapsulating the OpenSSL dependend parts of RSABASE
* dlls/rsaenh/implglue.h
* Glueing the RSAENH specific code to the crypto library
*
* Copyright (c) 2004 Michael Jung
*
......@@ -21,28 +21,10 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __WINE_IMPLOSSL_H
#define __WINE_IMPLOSSL_H
#ifndef __WINE_IMPLGLUE_H
#define __WINE_IMPLGLUE_H
#ifdef HAVE_OPENSSL_MD2_H
#include <openssl/md2.h>
#endif
#ifdef HAVE_OPENSSL_RC2_H
#include <openssl/rc2.h>
#endif
#ifdef HAVE_OPENSSL_RC4_H
#include <openssl/rc4.h>
#endif
#ifdef HAVE_OPENSSL_DES_H
#include <openssl/des.h>
#endif
#ifdef HAVE_OPENSSL_RSA_H
#include <openssl/rsa.h>
#endif
#include "tomcrypt.h"
/* Next typedef copied from dlls/advapi32/crypt_md4.c */
typedef struct tagMD4_CTX {
......@@ -71,32 +53,20 @@ typedef struct tagSHA_CTX
} SHA_CTX, *PSHA_CTX;
typedef union tagHASH_CONTEXT {
#ifdef HAVE_OPENSSL_MD2_H
MD2_CTX md2;
#endif
md2_state md2;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha;
} HASH_CONTEXT;
typedef union tagKEY_CONTEXT {
#ifdef HAVE_OPENSSL_RC2_H
RC2_KEY rc2;
#endif
#ifdef HAVE_OPENSSL_RC4_H
RC4_KEY rc4;
#endif
#ifdef HAVE_OPENSSL_DES_H
DES_key_schedule des[3];
#endif
#ifdef HAVE_OPENSSL_RSA_H
RSA *rsa;
#endif
DWORD dwDummy;
rc2_key rc2;
des_key des;
des3_key des3;
prng_state rc4;
rsa_key rsa;
} KEY_CONTEXT;
BOOL load_lib(void);
BOOL init_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext);
BOOL update_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, CONST BYTE *pbData,
DWORD dwDataLen);
......@@ -126,4 +96,4 @@ BOOL import_private_key_impl(CONST BYTE* pbSrc, KEY_CONTEXT *pKeyContext, DWORD
BOOL gen_rand_impl(BYTE *pbBuffer, DWORD dwLen);
#endif /* __WINE_IMPLOSSL_H */
#endif /* __WINE_IMPLGLUE_H */
/*
* dlls/rsaenh/md2.c
* MD2 (RFC 1319) hash function implementation by Tom St Denis
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
static const unsigned char PI_SUBST[256] = {
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
/* adds 16 bytes to the checksum */
static void md2_update_chksum(md2_state *md2)
{
int j;
unsigned char L;
L = md2->chksum[15];
for (j = 0; j < 16; j++) {
/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say
otherwise.
*/
L = (md2->chksum[j] ^= PI_SUBST[(int)(md2->buf[j] ^ L)] & 255);
}
}
static void md2_compress(md2_state *md2)
{
int j, k;
unsigned char t;
/* copy block */
for (j = 0; j < 16; j++) {
md2->X[16+j] = md2->buf[j];
md2->X[32+j] = md2->X[j] ^ md2->X[16+j];
}
t = (unsigned char)0;
/* do 18 rounds */
for (j = 0; j < 18; j++) {
for (k = 0; k < 48; k++) {
t = (md2->X[k] ^= PI_SUBST[(int)(t & 255)]);
}
t = (t + (unsigned char)j) & 255;
}
}
int md2_init(md2_state *md2)
{
/* MD2 uses a zero'ed state... */
memset(md2->X, 0, sizeof(md2->X));
memset(md2->chksum, 0, sizeof(md2->chksum));
memset(md2->buf, 0, sizeof(md2->buf));
md2->curlen = 0;
return CRYPT_OK;
}
int md2_process(md2_state *md2, const unsigned char *buf, unsigned long len)
{
unsigned long n;
if (md2->curlen > sizeof(md2->buf)) {
return CRYPT_INVALID_ARG;
}
while (len > 0) {
n = MIN(len, (16 - md2->curlen));
memcpy(md2->buf + md2->curlen, buf, (size_t)n);
md2->curlen += n;
buf += n;
len -= n;
/* is 16 bytes full? */
if (md2->curlen == 16) {
md2_compress(md2);
md2_update_chksum(md2);
md2->curlen = 0;
}
}
return CRYPT_OK;
}
int md2_done(md2_state * md2, unsigned char *hash)
{
unsigned long i, k;
if (md2->curlen >= sizeof(md2->buf)) {
return CRYPT_INVALID_ARG;
}
/* pad the message */
k = 16 - md2->curlen;
for (i = md2->curlen; i < 16; i++) {
md2->buf[i] = (unsigned char)k;
}
/* hash and update */
md2_compress(md2);
md2_update_chksum(md2);
/* hash checksum */
memcpy(md2->buf, md2->chksum, 16);
md2_compress(md2);
/* output is lower 16 bytes of X */
memcpy(hash, md2->X, 16);
return CRYPT_OK;
}
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
* dlls/rsaen/rc2.c
* RC2 functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
/* 256-entry permutation table, probably derived somehow from pi */
static const unsigned char permute[256] = {
217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
};
int rc2_setup(const unsigned char *key, int keylen, int bits, int rounds, rc2_key *rc2)
{
unsigned *xkey = rc2->xkey;
unsigned char tmp[128];
unsigned T8, TM;
int i;
if (keylen < 5 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
/* Following comment is from Eric Young's rc2 code: */
/* It has come to my attention that there are 2 versions of the RC2
* key schedule. One which is normal, and anther which has a hook to
* use a reduced key length.
* BSAFE uses the 'retarded' version. What I previously shipped is
* the same as specifying 1024 for the 'bits' parameter. Bsafe uses
* a version where the bits parameter is the same as len*8 */
/* Seems like MS uses the 'retarded' version, too.
* Adjust effective keylen bits */
if (bits <= 0) bits = keylen << 3;
if (bits > 1024) bits = 1024;
for (i = 0; i < keylen; i++) {
tmp[i] = key[i] & 255;
}
/* Phase 1: Expand input key to 128 bytes */
if (keylen < 128) {
for (i = keylen; i < 128; i++) {
tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255];
}
}
/* Phase 2 - reduce effective key size to "bits" */
/*bits = keylen<<3; */
T8 = (unsigned)(bits+7)>>3;
TM = (255 >> (unsigned)(7 & -bits));
tmp[128 - T8] = permute[tmp[128 - T8] & TM];
for (i = 127 - T8; i >= 0; i--) {
tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]];
}
/* Phase 3 - copy to xkey in little-endian order */
for (i = 0; i < 64; i++) {
xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
}
return CRYPT_OK;
}
/**********************************************************************\
* Encrypt an 8-byte block of plaintext using the given key. *
\**********************************************************************/
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
rc2_key *rc2)
{
unsigned *xkey;
unsigned x76, x54, x32, x10, i;
xkey = rc2->xkey;
x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
x10 = ((unsigned)plain[1] << 8) + (unsigned)plain[0];
for (i = 0; i < 16; i++) {
x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
x10 = ((x10 << 1) | (x10 >> 15));
x32 = (x32 + (x54 & ~x10) + (x76 & x10) + xkey[4*i+1]) & 0xFFFF;
x32 = ((x32 << 2) | (x32 >> 14));
x54 = (x54 + (x76 & ~x32) + (x10 & x32) + xkey[4*i+2]) & 0xFFFF;
x54 = ((x54 << 3) | (x54 >> 13));
x76 = (x76 + (x10 & ~x54) + (x32 & x54) + xkey[4*i+3]) & 0xFFFF;
x76 = ((x76 << 5) | (x76 >> 11));
if (i == 4 || i == 10) {
x10 = (x10 + xkey[x76 & 63]) & 0xFFFF;
x32 = (x32 + xkey[x10 & 63]) & 0xFFFF;
x54 = (x54 + xkey[x32 & 63]) & 0xFFFF;
x76 = (x76 + xkey[x54 & 63]) & 0xFFFF;
}
}
cipher[0] = (unsigned char)x10;
cipher[1] = (unsigned char)(x10 >> 8);
cipher[2] = (unsigned char)x32;
cipher[3] = (unsigned char)(x32 >> 8);
cipher[4] = (unsigned char)x54;
cipher[5] = (unsigned char)(x54 >> 8);
cipher[6] = (unsigned char)x76;
cipher[7] = (unsigned char)(x76 >> 8);
}
/**********************************************************************\
* Decrypt an 8-byte block of ciphertext using the given key. *
\**********************************************************************/
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
rc2_key *rc2)
{
unsigned x76, x54, x32, x10;
unsigned *xkey;
int i;
xkey = rc2->xkey;
x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
x10 = ((unsigned)cipher[1] << 8) + (unsigned)cipher[0];
for (i = 15; i >= 0; i--) {
if (i == 4 || i == 10) {
x76 = (x76 - xkey[x54 & 63]) & 0xFFFF;
x54 = (x54 - xkey[x32 & 63]) & 0xFFFF;
x32 = (x32 - xkey[x10 & 63]) & 0xFFFF;
x10 = (x10 - xkey[x76 & 63]) & 0xFFFF;
}
x76 = ((x76 << 11) | (x76 >> 5));
x76 = (x76 - ((x10 & ~x54) + (x32 & x54) + xkey[4*i+3])) & 0xFFFF;
x54 = ((x54 << 13) | (x54 >> 3));
x54 = (x54 - ((x76 & ~x32) + (x10 & x32) + xkey[4*i+2])) & 0xFFFF;
x32 = ((x32 << 14) | (x32 >> 2));
x32 = (x32 - ((x54 & ~x10) + (x76 & x10) + xkey[4*i+1])) & 0xFFFF;
x10 = ((x10 << 15) | (x10 >> 1));
x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
}
plain[0] = (unsigned char)x10;
plain[1] = (unsigned char)(x10 >> 8);
plain[2] = (unsigned char)x32;
plain[3] = (unsigned char)(x32 >> 8);
plain[4] = (unsigned char)x54;
plain[5] = (unsigned char)(x54 >> 8);
plain[6] = (unsigned char)x76;
plain[7] = (unsigned char)(x76 >> 8);
}
/*
* dlls/rsaenh/rc4.c
* RC4 functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
int rc4_start(prng_state *prng)
{
/* set keysize to zero */
prng->rc4.x = 0;
return CRYPT_OK;
}
int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
{
/* trim as required */
if (prng->rc4.x + len > 256) {
if (prng->rc4.x == 256) {
/* I can't possibly accept another byte, ok maybe a mint wafer... */
return CRYPT_OK;
} else {
/* only accept part of it */
len = 256 - prng->rc4.x;
}
}
while (len--) {
prng->rc4.buf[prng->rc4.x++] = *buf++;
}
return CRYPT_OK;
}
int rc4_ready(prng_state *prng)
{
unsigned char key[256], tmp, *s;
int keylen, x, y, j;
/* extract the key */
s = prng->rc4.buf;
memcpy(key, s, 256);
keylen = prng->rc4.x;
/* make RC4 perm and shuffle */
for (x = 0; x < 256; x++) {
s[x] = x;
}
for (j = x = y = 0; x < 256; x++) {
y = (y + prng->rc4.buf[x] + key[j++]) & 255;
if (j == keylen) {
j = 0;
}
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
}
prng->rc4.x = 0;
prng->rc4.y = 0;
return CRYPT_OK;
}
unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
unsigned char x, y, *s, tmp;
unsigned long n;
n = len;
x = prng->rc4.x;
y = prng->rc4.y;
s = prng->rc4.buf;
while (len--) {
x = (x + 1) & 255;
y = (y + s[x]) & 255;
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
tmp = (s[x] + s[y]) & 255;
*buf++ ^= s[tmp];
}
prng->rc4.x = x;
prng->rc4.y = y;
return n;
}
/*
* dlls/rsaenh/rsa.c
* RSA public key cryptographic functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
static const struct {
int mpi_code, ltc_code;
} mpi_to_ltc_codes[] = {
{ MP_OKAY , CRYPT_OK},
{ MP_MEM , CRYPT_MEM},
{ MP_VAL , CRYPT_INVALID_ARG},
};
/* convert a MPI error to a LTC error (Possibly the most powerful function ever! Oh wait... no) */
int mpi_to_ltc_error(int err)
{
int x;
for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
if (err == mpi_to_ltc_codes[x].mpi_code) {
return mpi_to_ltc_codes[x].ltc_code;
}
}
return CRYPT_ERROR;
}
extern int gen_rand_impl(unsigned char *dst, unsigned int len);
static int rand_prime_helper(unsigned char *dst, int len, void *dat)
{
return gen_rand_impl(dst, len) ? len : 0;
}
int rand_prime(mp_int *N, long len)
{
int type;
/* allow sizes between 2 and 256 bytes for a prime size */
if (len < 16 || len > 8192) {
printf("Invalid prime size!\n");
return CRYPT_INVALID_PRIME_SIZE;
}
/* get type */
if (len < 0) {
type = LTM_PRIME_BBS;
len = -len;
} else {
type = 0;
}
/* New prime generation makes the code even more cryptoish-insane. Do you know what this means!!!
-- Gir: Yeah, oh wait, er, no.
*/
return mpi_to_ltc_error(mp_prime_random_ex(N, mp_prime_rabin_miller_trials(len), len, type, rand_prime_helper, NULL));
}
int rsa_make_key(int size, long e, rsa_key *key)
{
mp_int p, q, tmp1, tmp2, tmp3;
int err;
if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
return CRYPT_INVALID_KEYSIZE;
}
if ((e < 3) || ((e & 1) == 0)) {
return CRYPT_INVALID_ARG;
}
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* make primes p and q (optimization provided by Wayne Scott) */
if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */
/* make prime "p" */
do {
if ((err = rand_prime(&p, size*4)) != CRYPT_OK) { goto done; }
if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */
if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */
} while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */
/* make prime "q" */
do {
if ((err = rand_prime(&q, size*4)) != CRYPT_OK) { goto done; }
if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */
if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */
} while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */
/* tmp1 = lcm(p-1, q-1) */
if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */
/* tmp1 = q-1 (previous do/while loop) */
if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */
/* make key */
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
goto error;
}
if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */
if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */
if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */
if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */
if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */
if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */
if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */
if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; }
if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; }
/* shrink ram required */
if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; }
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
goto done;
error2:
mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL);
error:
err = mpi_to_ltc_error(err);
done:
mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL);
return err;
}
void rsa_free(rsa_key *key)
{
mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL);
}
/* compute an RSA modular exponentiation */
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key)
{
mp_int tmp, tmpa, tmpb;
unsigned long x;
int err;
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
}
/* must be a private or public operation */
if (which != PK_PRIVATE && which != PK_PUBLIC) {
return CRYPT_PK_INVALID_TYPE;
}
/* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); }
if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
/* sanity check on the input */
if (mp_cmp(&key->N, &tmp) == MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
goto done;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
if ((err = mpi_to_ltc_error(mp_exptmod(&tmp, &key->dP, &key->p, &tmpa))) != MP_OKAY) { goto error; }
/* tmpb = tmp^dQ mod q */
if ((err = mpi_to_ltc_error(mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb))) != MP_OKAY) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; }
/* tmp = tmpb + q * tmp */
if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; }
if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; }
} else {
/* exptmod it */
if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; }
}
/* read it back */
x = (unsigned long)mp_unsigned_bin_size(&key->N);
if (x > *outlen) {
err = CRYPT_BUFFER_OVERFLOW;
goto done;
}
*outlen = x;
/* convert it */
memset(out, 0, x);
if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != MP_OKAY) { goto error; }
/* clean up and return */
err = CRYPT_OK;
goto done;
error:
err = mpi_to_ltc_error(err);
done:
mp_clear_multi(&tmp, &tmpa, &tmpb, NULL);
return err;
}
......@@ -35,7 +35,7 @@
#include "wincrypt.h"
#include "lmcons.h"
#include "handle.h"
#include "implossl.h"
#include "implglue.h"
WINE_DEFAULT_DEBUG_CHANNEL(crypt);
......@@ -939,8 +939,6 @@ BOOL WINAPI RSAENH_CPAcquireContext(HCRYPTPROV *phProv, LPSTR pszContainer,
debugstr_a(pszContainer), dwFlags, pVTable);
SetLastError(ERROR_SUCCESS);
if (!load_lib()) return FALSE;
if (pszContainer ? strlen(pszContainer) : 0)
{
......@@ -1787,18 +1785,23 @@ BOOL WINAPI RSAENH_CPGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYP
case AT_SIGNATURE:
RSAENH_CPDestroyKey(hProv, pKeyContainer->hSignatureKeyPair);
pKeyContainer->hSignatureKeyPair =
new_key(hProv, CALG_RSA_SIGN, dwFlags, abKeyValue, 0);
new_key(hProv, CALG_RSA_SIGN, dwFlags, NULL, 0);
copy_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY,
(unsigned int*)phKey);
break;
case AT_KEYEXCHANGE:
RSAENH_CPDestroyKey(hProv, pKeyContainer->hKeyExchangeKeyPair);
pKeyContainer->hKeyExchangeKeyPair = new_key(hProv, CALG_RSA_KEYX, dwFlags, abKeyValue, 0);
pKeyContainer->hKeyExchangeKeyPair = new_key(hProv, CALG_RSA_KEYX, dwFlags, NULL, 0);
copy_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY,
(unsigned int*)phKey);
break;
case CALG_RSA_SIGN:
case CALG_RSA_KEYX:
*phKey = new_key(hProv, Algid, dwFlags, NULL, 0);
break;
case CALG_RC2:
case CALG_RC4:
case CALG_DES:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment