Commit ca371a48 authored by Michael Jung's avatar Michael Jung Committed by Alexandre Julliard

Incorporated LibTomCrypt code into rsaenh to get rid of OpenSSL

dependencies.
parent c50d8743
......@@ -7,8 +7,14 @@ MODULE = rsaenh.dll
IMPORTS = advapi32 kernel32
C_SRCS = \
des.c \
handle.c \
implossl.c \
implglue.c \
md2.c \
mpi.c \
rc2.c \
rc4.c \
rsa.c \
rsaenh.c
SUBDIRS = tests
......
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
* dlls/rsaenh/implossl.c
* Encapsulating the OpenSSL dependend parts of RSAENH
* dlls/rsaenh/implglue.c
* Glueing the RSAENH specific code to the crypto library
*
* Copyright (c) 2004 Michael Jung
*
......@@ -29,55 +29,12 @@
#include "windef.h"
#include "wincrypt.h"
#include "implossl.h"
#include "implglue.h"
#include <stdio.h>
WINE_DEFAULT_DEBUG_CHANNEL(crypt);
#ifndef SONAME_LIBCRYPTO
#define SONAME_LIBCRYPTO "libcrypto.so"
#endif
static void *libcrypto;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
/* OpenSSL funtions that we use */
#ifdef HAVE_OPENSSL_MD2_H
MAKE_FUNCPTR(MD2_Init);
MAKE_FUNCPTR(MD2_Update);
MAKE_FUNCPTR(MD2_Final);
#endif
#ifdef HAVE_OPENSSL_RC2_H
MAKE_FUNCPTR(RC2_set_key);
MAKE_FUNCPTR(RC2_ecb_encrypt);
#endif
#ifdef HAVE_OPENSSL_RC4_H
MAKE_FUNCPTR(RC4_set_key);
MAKE_FUNCPTR(RC4);
#endif
#ifdef HAVE_OPENSSL_DES_H
MAKE_FUNCPTR(DES_set_odd_parity);
MAKE_FUNCPTR(DES_set_key_unchecked);
MAKE_FUNCPTR(DES_ecb_encrypt);
MAKE_FUNCPTR(DES_ecb3_encrypt);
#endif
#ifdef HAVE_OPENSSL_RSA_H
MAKE_FUNCPTR(RSA_generate_key);
MAKE_FUNCPTR(RSA_free);
MAKE_FUNCPTR(RSA_size);
MAKE_FUNCPTR(RSA_check_key);
MAKE_FUNCPTR(RSA_public_encrypt);
MAKE_FUNCPTR(RSA_private_encrypt);
MAKE_FUNCPTR(RSAPrivateKey_dup);
MAKE_FUNCPTR(BN_bn2bin);
MAKE_FUNCPTR(BN_bin2bn);
MAKE_FUNCPTR(BN_get_word);
MAKE_FUNCPTR(BN_set_word);
MAKE_FUNCPTR(BN_num_bits);
#endif
/* Function prototypes copied from dlls/advapi32/crypt_md4.c */
VOID WINAPI MD4Init( MD4_CTX *ctx );
VOID WINAPI MD4Update( MD4_CTX *ctx, const unsigned char *buf, unsigned int len );
......@@ -91,75 +48,14 @@ VOID WINAPI A_SHAInit(PSHA_CTX Context);
VOID WINAPI A_SHAUpdate(PSHA_CTX Context, PCHAR Buffer, UINT BufferSize);
VOID WINAPI A_SHAFinal(PSHA_CTX Context, PULONG Result);
BOOL load_lib( void )
{
/* FIXME: Is this portable? */
#if defined HAVE_OPENSSL_MD2_H || defined HAVE_OPENSSL_RC2_H || defined HAVE_OPENSSL_RC4_H || \
defined HAVE_OPENSSL_DES_H || defined HAVE_OPENSSL_RSA_H
libcrypto = wine_dlopen(SONAME_LIBCRYPTO, RTLD_NOW, NULL, 0);
if (!libcrypto)
{
MESSAGE("Couldn't load %s, RSA encryption not available.\n", SONAME_LIBCRYPTO);
MESSAGE("Install the openssl package if you're have problems.\n");
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
#define GETFUNC(x) p##x = wine_dlsym(libcrypto, #x, NULL, 0);
#ifdef HAVE_OPENSSL_MD2_H
GETFUNC(MD2_Init);
GETFUNC(MD2_Update);
GETFUNC(MD2_Final);
#endif
#ifdef HAVE_OPENSSL_RC2_H
GETFUNC(RC2_set_key);
GETFUNC(RC2_ecb_encrypt);
#endif
#ifdef HAVE_OPENSSL_RC4_H
GETFUNC(RC4_set_key);
GETFUNC(RC4);
#endif
#ifdef HAVE_OPENSSL_DES_H
GETFUNC(DES_set_odd_parity);
GETFUNC(DES_set_key_unchecked);
GETFUNC(DES_ecb_encrypt);
GETFUNC(DES_ecb3_encrypt);
#endif
#ifdef HAVE_OPENSSL_RSA_H
GETFUNC(RSA_generate_key);
GETFUNC(RSA_free);
GETFUNC(RSA_size);
GETFUNC(RSA_check_key);
GETFUNC(RSA_public_encrypt);
GETFUNC(RSA_private_encrypt);
GETFUNC(RSAPrivateKey_dup);
GETFUNC(BN_bn2bin);
GETFUNC(BN_bin2bn);
GETFUNC(BN_get_word);
GETFUNC(BN_set_word);
GETFUNC(BN_num_bits);
#endif
#endif /* ifdef have any openssl header */
return TRUE;
}
BOOL init_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext)
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_MD2_H
case CALG_MD2:
if (!pMD2_Init)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pMD2_Init(&pHashContext->md2);
md2_init(&pHashContext->md2);
break;
#endif
case CALG_MD4:
MD4Init(&pHashContext->md4);
break;
......@@ -185,16 +81,10 @@ BOOL update_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, CONST BYTE *pb
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_MD2_H
case CALG_MD2:
if (!pMD2_Update)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pMD2_Update(&pHashContext->md2, pbData, dwDataLen);
md2_process(&pHashContext->md2, pbData, dwDataLen);
break;
#endif
case CALG_MD4:
MD4Update(&pHashContext->md4, pbData, dwDataLen);
break;
......@@ -219,16 +109,10 @@ BOOL finalize_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, BYTE *pbHash
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_MD2_H
case CALG_MD2:
if (!pMD2_Final)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pMD2_Final(pbHashValue, &pHashContext->md2);
md2_done(&pHashContext->md2, pbHashValue);
break;
#endif
case CALG_MD4:
MD4Final(&pHashContext->md4);
memcpy(pbHashValue, pHashContext->md4.digest, 16);
......@@ -263,20 +147,14 @@ BOOL new_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen)
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_RSA_H
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
if (!pRSA_generate_key)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
if (rsa_make_key((int)dwKeyLen, 65537, &pKeyContext->rsa) == CRYPT_OK) {
return TRUE;
} else {
printf("Error generating rsakey of len %ld!\n", dwKeyLen);
return FALSE;
}
pKeyContext->rsa = pRSA_generate_key((int)dwKeyLen*8, 65537, NULL, NULL);
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
}
return TRUE;
......@@ -286,20 +164,9 @@ BOOL free_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext)
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_RSA_H
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
if (!pRSA_free)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
if (pKeyContext->rsa) pRSA_free(pKeyContext->rsa);
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
rsa_free(&pKeyContext->rsa);
}
return TRUE;
......@@ -310,55 +177,29 @@ BOOL setup_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen, DW
{
switch (aiAlgid)
{
#ifdef HAVE_OPENSSL_RC4_H
case CALG_RC4:
if (!pRC4_set_key)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pRC4_set_key(&pKeyContext->rc4, dwKeyLen + dwSaltLen, abKeyValue);
rc4_start(&pKeyContext->rc4);
rc4_add_entropy(abKeyValue, dwKeyLen + dwSaltLen, &pKeyContext->rc4);
rc4_ready(&pKeyContext->rc4);
break;
#endif
#ifdef HAVE_OPENSSL_RC2_H
case CALG_RC2:
if (!pRC2_set_key)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pRC2_set_key(&pKeyContext->rc2, dwKeyLen + dwSaltLen, abKeyValue, dwKeyLen * 8);
rc2_setup(abKeyValue, dwKeyLen + dwSaltLen, dwKeyLen << 3, 0, &pKeyContext->rc2);
break;
#endif
#ifdef HAVE_OPENSSL_DES_H
case CALG_3DES:
if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pDES_set_odd_parity(&((DES_cblock*)abKeyValue)[2]);
pDES_set_key_unchecked(&((DES_cblock*)abKeyValue)[2], &pKeyContext->des[2]);
des3_setup(abKeyValue, 24, 0, &pKeyContext->des3);
break;
case CALG_3DES_112:
if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pDES_set_odd_parity(&((DES_cblock*)abKeyValue)[1]);
pDES_set_key_unchecked(&((DES_cblock*)abKeyValue)[1], &pKeyContext->des[1]);
memcpy(abKeyValue+16, abKeyValue, 8);
des3_setup(abKeyValue, 24, 0, &pKeyContext->des3);
break;
case CALG_DES:
if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pDES_set_odd_parity((DES_cblock*)abKeyValue);
pDES_set_key_unchecked((DES_cblock*)abKeyValue, &pKeyContext->des[0]);
des_setup(abKeyValue, 8, 0, &pKeyContext->des);
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
......@@ -379,17 +220,19 @@ BOOL duplicate_key_impl(ALG_ID aiAlgid, CONST KEY_CONTEXT *pSrcKeyContext,
case CALG_DES:
memcpy(pDestKeyContext, pSrcKeyContext, sizeof(KEY_CONTEXT));
break;
#ifdef HAVE_OPENSSL_RSA_H
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
if (!pRSAPrivateKey_dup)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pDestKeyContext->rsa = pRSAPrivateKey_dup(pSrcKeyContext->rsa);
pDestKeyContext->rsa.type = pSrcKeyContext->rsa.type;
mp_init_copy(&pDestKeyContext->rsa.e, &pSrcKeyContext->rsa.e);
mp_init_copy(&pDestKeyContext->rsa.d, &pSrcKeyContext->rsa.d);
mp_init_copy(&pDestKeyContext->rsa.N, &pSrcKeyContext->rsa.N);
mp_init_copy(&pDestKeyContext->rsa.p, &pSrcKeyContext->rsa.p);
mp_init_copy(&pDestKeyContext->rsa.q, &pSrcKeyContext->rsa.q);
mp_init_copy(&pDestKeyContext->rsa.qP, &pSrcKeyContext->rsa.qP);
mp_init_copy(&pDestKeyContext->rsa.dP, &pSrcKeyContext->rsa.dP);
mp_init_copy(&pDestKeyContext->rsa.dQ, &pSrcKeyContext->rsa.dQ);
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
......@@ -398,7 +241,6 @@ BOOL duplicate_key_impl(ALG_ID aiAlgid, CONST KEY_CONTEXT *pSrcKeyContext,
return TRUE;
}
#ifdef HAVE_OPENSSL_RSA_H
static inline void reverse_bytes(BYTE *pbData, DWORD dwLen) {
BYTE swap;
DWORD i;
......@@ -409,92 +251,59 @@ static inline void reverse_bytes(BYTE *pbData, DWORD dwLen) {
pbData[dwLen-i-1] = swap;
}
}
#endif
BOOL encrypt_block_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, CONST BYTE *in, BYTE *out,
DWORD enc)
{
#ifdef HAVE_OPENSSL_RSA_H
int cLen;
#endif
unsigned long inlen, outlen;
switch (aiAlgid) {
#ifdef HAVE_OPENSSL_RC2_H
case CALG_RC2:
if (!pRC2_ecb_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pRC2_ecb_encrypt(in, out, &pKeyContext->rc2, enc ? RC2_ENCRYPT : RC2_DECRYPT);
break;
#endif
#ifdef HAVE_OPENSSL_DES_H
case CALG_DES:
if (!pDES_ecb_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
if (enc) {
rc2_ecb_encrypt(in, out, &pKeyContext->rc2);
} else {
rc2_ecb_decrypt(in, out, &pKeyContext->rc2);
}
pDES_ecb_encrypt((const_DES_cblock*)in, (DES_cblock*)out, &pKeyContext->des[0],
enc ? DES_ENCRYPT : DES_DECRYPT);
break;
case CALG_3DES:
case CALG_3DES_112:
if (!pDES_ecb3_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
if (enc) {
des3_ecb_encrypt(in, out, &pKeyContext->des3);
} else {
des3_ecb_decrypt(in, out, &pKeyContext->des3);
}
pDES_ecb3_encrypt((const_DES_cblock*)in, (DES_cblock*)out,
&pKeyContext->des[0], &pKeyContext->des[1], &pKeyContext->des[0],
enc ? DES_ENCRYPT : DES_DECRYPT);
break;
case CALG_3DES:
if (!pDES_ecb3_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
case CALG_DES:
if (enc) {
des_ecb_encrypt(in, out, &pKeyContext->des);
} else {
des_ecb_decrypt(in, out, &pKeyContext->des);
}
pDES_ecb3_encrypt((const_DES_cblock*)in, (DES_cblock*)out,
&pKeyContext->des[0], &pKeyContext->des[1], &pKeyContext->des[2],
enc ? DES_ENCRYPT : DES_DECRYPT);
break;
#endif
#ifdef HAVE_OPENSSL_RSA_H
case CALG_RSA_KEYX:
if (!pBN_num_bits || !pRSA_public_encrypt || !pRSA_private_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
cLen = pBN_num_bits(pKeyContext->rsa->n)/8;
outlen = inlen = (mp_count_bits(&pKeyContext->rsa.N)+7)/8;
if (enc) {
pRSA_public_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
reverse_bytes((BYTE*)in, cLen);
rsa_exptmod(in, inlen, out, &outlen, PK_PUBLIC, &pKeyContext->rsa);
reverse_bytes((BYTE*)in, inlen);
} else {
reverse_bytes((BYTE*)in, cLen);
pRSA_private_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
reverse_bytes((BYTE*)in, inlen);
rsa_exptmod(in, inlen, out, &outlen, PK_PRIVATE, &pKeyContext->rsa);
}
break;
break;
case CALG_RSA_SIGN:
if (!pBN_num_bits || !pRSA_public_encrypt || !pRSA_private_encrypt)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
cLen = pBN_num_bits(pKeyContext->rsa->n)/8;
outlen = inlen = (mp_count_bits(&pKeyContext->rsa.N)+7)/8;
if (enc) {
pRSA_private_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
reverse_bytes((BYTE*)in, cLen);
rsa_exptmod(in, inlen, out, &outlen, PK_PRIVATE, &pKeyContext->rsa);
reverse_bytes((BYTE*)in, inlen);
} else {
reverse_bytes((BYTE*)in, cLen);
pRSA_public_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
reverse_bytes((BYTE*)in, inlen);
rsa_exptmod(in, inlen, out, &outlen, PK_PUBLIC, &pKeyContext->rsa);
}
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
......@@ -506,16 +315,10 @@ BOOL encrypt_block_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, CONST BYTE *in
BOOL encrypt_stream_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, BYTE *stream, DWORD dwLen)
{
switch (aiAlgid) {
#ifdef HAVE_OPENSSL_RC4_H
case CALG_RC4:
if (!pRC4)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pRC4(&pKeyContext->rc4, (unsigned long)dwLen, stream, stream);
rc4_read(stream, dwLen, &pKeyContext->rc4);
break;
#endif
default:
SetLastError(NTE_BAD_ALGID);
return FALSE;
......@@ -526,22 +329,22 @@ BOOL encrypt_stream_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, BYTE *stream,
BOOL gen_rand_impl(BYTE *pbBuffer, DWORD dwLen)
{
FILE *dev_random;
int dev_random;
/* FIXME: /dev/urandom does not provide random numbers of a sufficient
* quality for cryptographic applications. /dev/random is much better,
* but it blocks if the kernel has not yet collected enough entropy for
* the request, which will suspend the calling thread for an indefinite
* amount of time. */
dev_random = fopen("/dev/urandom", "r");
if (dev_random)
dev_random = open("/dev/urandom", O_RDONLY);
if (dev_random != -1)
{
if (fread(pbBuffer, (size_t)dwLen, 1, dev_random) == 1)
if (read(dev_random, pbBuffer, dwLen) == (ssize_t)dwLen)
{
fclose(dev_random);
close(dev_random);
return TRUE;
}
fclose(dev_random);
close(dev_random);
}
SetLastError(NTE_FAIL);
return FALSE;
......@@ -549,135 +352,91 @@ BOOL gen_rand_impl(BYTE *pbBuffer, DWORD dwLen)
BOOL export_public_key_impl(BYTE *pbDest, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,DWORD *pdwPubExp)
{
#ifdef HAVE_OPENSSL_RSA_H
if (!pBN_bn2bin || !pBN_get_word)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pBN_bn2bin(pKeyContext->rsa->n, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.N, pbDest);
reverse_bytes(pbDest, dwKeyLen);
*pdwPubExp = (DWORD)pBN_get_word(pKeyContext->rsa->e);
*pdwPubExp = (DWORD)mp_get_int(&pKeyContext->rsa.e);
return TRUE;
#else
SetLastError(NTE_FAIL);
return FALSE;
#endif
}
BOOL import_public_key_impl(CONST BYTE *pbSrc, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
DWORD dwPubExp)
{
#ifdef HAVE_OPENSSL_RSA_H
BYTE *pbTemp;
if (!pBN_bin2bn || !pBN_set_word)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pbTemp = (BYTE*)HeapAlloc(GetProcessHeap(), 0, dwKeyLen);
if (!pbTemp) return FALSE;
memcpy(pbTemp, pbSrc, dwKeyLen);
pKeyContext->rsa.type = PK_PUBLIC;
reverse_bytes(pbTemp, dwKeyLen);
pBN_bin2bn(pbTemp, dwKeyLen, pKeyContext->rsa->n);
mp_read_unsigned_bin(&pKeyContext->rsa.N, pbTemp, dwKeyLen);
HeapFree(GetProcessHeap(), 0, pbTemp);
pBN_set_word(pKeyContext->rsa->e, (BN_ULONG)dwPubExp);
mp_set_int(&pKeyContext->rsa.e, dwPubExp);
return TRUE;
#else
SetLastError(NTE_FAIL);
return FALSE;
#endif
return TRUE;
}
BOOL export_private_key_impl(BYTE *pbDest, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
DWORD *pdwPubExp)
{
#ifdef HAVE_OPENSSL_RSA_H
if (!pBN_bn2bin || !pBN_get_word)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pBN_bn2bin(pKeyContext->rsa->n, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.N, pbDest);
reverse_bytes(pbDest, dwKeyLen);
pbDest += dwKeyLen;
pBN_bn2bin(pKeyContext->rsa->p, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.p, pbDest);
reverse_bytes(pbDest, (dwKeyLen+1)>>1);
pbDest += (dwKeyLen+1)>>1;
pBN_bn2bin(pKeyContext->rsa->q, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.q, pbDest);
reverse_bytes(pbDest, (dwKeyLen+1)>>1);
pbDest += (dwKeyLen+1)>>1;
pBN_bn2bin(pKeyContext->rsa->dmp1, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.dP, pbDest);
reverse_bytes(pbDest, (dwKeyLen+1)>>1);
pbDest += (dwKeyLen+1)>>1;
pBN_bn2bin(pKeyContext->rsa->dmq1, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.dQ, pbDest);
reverse_bytes(pbDest, (dwKeyLen+1)>>1);
pbDest += (dwKeyLen+1)>>1;
pBN_bn2bin(pKeyContext->rsa->iqmp, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.qP, pbDest);
reverse_bytes(pbDest, (dwKeyLen+1)>>1);
pbDest += (dwKeyLen+1)>>1;
pBN_bn2bin(pKeyContext->rsa->d, pbDest);
mp_to_unsigned_bin(&pKeyContext->rsa.d, pbDest);
reverse_bytes(pbDest, dwKeyLen);
*pdwPubExp = (DWORD)pBN_get_word(pKeyContext->rsa->e);
*pdwPubExp = (DWORD)mp_get_int(&pKeyContext->rsa.e);
return TRUE;
#else
SetLastError(NTE_FAIL);
return FALSE;
#endif
}
BOOL import_private_key_impl(CONST BYTE *pbSrc, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
DWORD dwPubExp)
{
#ifdef HAVE_OPENSSL_RSA_H
BYTE *pbTemp, *pbBigNum;
if (!pBN_bin2bn || !pBN_set_word)
{
SetLastError(NTE_PROVIDER_DLL_FAIL);
return FALSE;
}
pbTemp = HeapAlloc(GetProcessHeap(), 0, 2*dwKeyLen+5*((dwKeyLen+1)>>1));
if (!pbTemp) return FALSE;
memcpy(pbTemp, pbSrc, 2*dwKeyLen+5*((dwKeyLen+1)>>1));
pbBigNum = pbTemp;
pKeyContext->rsa.type = PK_PRIVATE;
reverse_bytes(pbBigNum, dwKeyLen);
pBN_bin2bn(pbBigNum, dwKeyLen, pKeyContext->rsa->n);
mp_read_unsigned_bin(&pKeyContext->rsa.N, pbBigNum, dwKeyLen);
pbBigNum += dwKeyLen;
reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->p);
mp_read_unsigned_bin(&pKeyContext->rsa.p, pbBigNum, (dwKeyLen+1)>>1);
pbBigNum += (dwKeyLen+1)>>1;
reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->q);
mp_read_unsigned_bin(&pKeyContext->rsa.q, pbBigNum, (dwKeyLen+1)>>1);
pbBigNum += (dwKeyLen+1)>>1;
reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->dmp1);
mp_read_unsigned_bin(&pKeyContext->rsa.dP, pbBigNum, (dwKeyLen+1)>>1);
pbBigNum += (dwKeyLen+1)>>1;
reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->dmq1);
mp_read_unsigned_bin(&pKeyContext->rsa.dQ, pbBigNum, (dwKeyLen+1)>>1);
pbBigNum += (dwKeyLen+1)>>1;
reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->iqmp);
mp_read_unsigned_bin(&pKeyContext->rsa.qP, pbBigNum, (dwKeyLen+1)>>1);
pbBigNum += (dwKeyLen+1)>>1;
reverse_bytes(pbBigNum, dwKeyLen);
pBN_bin2bn(pbBigNum, dwKeyLen, pKeyContext->rsa->d);
pBN_set_word(pKeyContext->rsa->e, (BN_ULONG)dwPubExp);
mp_read_unsigned_bin(&pKeyContext->rsa.d, pbBigNum, dwKeyLen);
mp_set_int(&pKeyContext->rsa.e, dwPubExp);
HeapFree(GetProcessHeap(), 0, pbTemp);
return TRUE;
#else
SetLastError(NTE_FAIL);
return FALSE;
#endif
}
/*
* dlls/rsaenh/implossl.h
* Encapsulating the OpenSSL dependend parts of RSABASE
* dlls/rsaenh/implglue.h
* Glueing the RSAENH specific code to the crypto library
*
* Copyright (c) 2004 Michael Jung
*
......@@ -21,28 +21,10 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __WINE_IMPLOSSL_H
#define __WINE_IMPLOSSL_H
#ifndef __WINE_IMPLGLUE_H
#define __WINE_IMPLGLUE_H
#ifdef HAVE_OPENSSL_MD2_H
#include <openssl/md2.h>
#endif
#ifdef HAVE_OPENSSL_RC2_H
#include <openssl/rc2.h>
#endif
#ifdef HAVE_OPENSSL_RC4_H
#include <openssl/rc4.h>
#endif
#ifdef HAVE_OPENSSL_DES_H
#include <openssl/des.h>
#endif
#ifdef HAVE_OPENSSL_RSA_H
#include <openssl/rsa.h>
#endif
#include "tomcrypt.h"
/* Next typedef copied from dlls/advapi32/crypt_md4.c */
typedef struct tagMD4_CTX {
......@@ -71,32 +53,20 @@ typedef struct tagSHA_CTX
} SHA_CTX, *PSHA_CTX;
typedef union tagHASH_CONTEXT {
#ifdef HAVE_OPENSSL_MD2_H
MD2_CTX md2;
#endif
md2_state md2;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha;
} HASH_CONTEXT;
typedef union tagKEY_CONTEXT {
#ifdef HAVE_OPENSSL_RC2_H
RC2_KEY rc2;
#endif
#ifdef HAVE_OPENSSL_RC4_H
RC4_KEY rc4;
#endif
#ifdef HAVE_OPENSSL_DES_H
DES_key_schedule des[3];
#endif
#ifdef HAVE_OPENSSL_RSA_H
RSA *rsa;
#endif
DWORD dwDummy;
rc2_key rc2;
des_key des;
des3_key des3;
prng_state rc4;
rsa_key rsa;
} KEY_CONTEXT;
BOOL load_lib(void);
BOOL init_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext);
BOOL update_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, CONST BYTE *pbData,
DWORD dwDataLen);
......@@ -126,4 +96,4 @@ BOOL import_private_key_impl(CONST BYTE* pbSrc, KEY_CONTEXT *pKeyContext, DWORD
BOOL gen_rand_impl(BYTE *pbBuffer, DWORD dwLen);
#endif /* __WINE_IMPLOSSL_H */
#endif /* __WINE_IMPLGLUE_H */
/*
* dlls/rsaenh/md2.c
* MD2 (RFC 1319) hash function implementation by Tom St Denis
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
static const unsigned char PI_SUBST[256] = {
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
/* adds 16 bytes to the checksum */
static void md2_update_chksum(md2_state *md2)
{
int j;
unsigned char L;
L = md2->chksum[15];
for (j = 0; j < 16; j++) {
/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say
otherwise.
*/
L = (md2->chksum[j] ^= PI_SUBST[(int)(md2->buf[j] ^ L)] & 255);
}
}
static void md2_compress(md2_state *md2)
{
int j, k;
unsigned char t;
/* copy block */
for (j = 0; j < 16; j++) {
md2->X[16+j] = md2->buf[j];
md2->X[32+j] = md2->X[j] ^ md2->X[16+j];
}
t = (unsigned char)0;
/* do 18 rounds */
for (j = 0; j < 18; j++) {
for (k = 0; k < 48; k++) {
t = (md2->X[k] ^= PI_SUBST[(int)(t & 255)]);
}
t = (t + (unsigned char)j) & 255;
}
}
int md2_init(md2_state *md2)
{
/* MD2 uses a zero'ed state... */
memset(md2->X, 0, sizeof(md2->X));
memset(md2->chksum, 0, sizeof(md2->chksum));
memset(md2->buf, 0, sizeof(md2->buf));
md2->curlen = 0;
return CRYPT_OK;
}
int md2_process(md2_state *md2, const unsigned char *buf, unsigned long len)
{
unsigned long n;
if (md2->curlen > sizeof(md2->buf)) {
return CRYPT_INVALID_ARG;
}
while (len > 0) {
n = MIN(len, (16 - md2->curlen));
memcpy(md2->buf + md2->curlen, buf, (size_t)n);
md2->curlen += n;
buf += n;
len -= n;
/* is 16 bytes full? */
if (md2->curlen == 16) {
md2_compress(md2);
md2_update_chksum(md2);
md2->curlen = 0;
}
}
return CRYPT_OK;
}
int md2_done(md2_state * md2, unsigned char *hash)
{
unsigned long i, k;
if (md2->curlen >= sizeof(md2->buf)) {
return CRYPT_INVALID_ARG;
}
/* pad the message */
k = 16 - md2->curlen;
for (i = md2->curlen; i < 16; i++) {
md2->buf[i] = (unsigned char)k;
}
/* hash and update */
md2_compress(md2);
md2_update_chksum(md2);
/* hash checksum */
memcpy(md2->buf, md2->chksum, 16);
md2_compress(md2);
/* output is lower 16 bytes of X */
memcpy(hash, md2->X, 16);
return CRYPT_OK;
}
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
* dlls/rsaen/rc2.c
* RC2 functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
/* 256-entry permutation table, probably derived somehow from pi */
static const unsigned char permute[256] = {
217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
};
int rc2_setup(const unsigned char *key, int keylen, int bits, int rounds, rc2_key *rc2)
{
unsigned *xkey = rc2->xkey;
unsigned char tmp[128];
unsigned T8, TM;
int i;
if (keylen < 5 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
/* Following comment is from Eric Young's rc2 code: */
/* It has come to my attention that there are 2 versions of the RC2
* key schedule. One which is normal, and anther which has a hook to
* use a reduced key length.
* BSAFE uses the 'retarded' version. What I previously shipped is
* the same as specifying 1024 for the 'bits' parameter. Bsafe uses
* a version where the bits parameter is the same as len*8 */
/* Seems like MS uses the 'retarded' version, too.
* Adjust effective keylen bits */
if (bits <= 0) bits = keylen << 3;
if (bits > 1024) bits = 1024;
for (i = 0; i < keylen; i++) {
tmp[i] = key[i] & 255;
}
/* Phase 1: Expand input key to 128 bytes */
if (keylen < 128) {
for (i = keylen; i < 128; i++) {
tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255];
}
}
/* Phase 2 - reduce effective key size to "bits" */
/*bits = keylen<<3; */
T8 = (unsigned)(bits+7)>>3;
TM = (255 >> (unsigned)(7 & -bits));
tmp[128 - T8] = permute[tmp[128 - T8] & TM];
for (i = 127 - T8; i >= 0; i--) {
tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]];
}
/* Phase 3 - copy to xkey in little-endian order */
for (i = 0; i < 64; i++) {
xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
}
return CRYPT_OK;
}
/**********************************************************************\
* Encrypt an 8-byte block of plaintext using the given key. *
\**********************************************************************/
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
rc2_key *rc2)
{
unsigned *xkey;
unsigned x76, x54, x32, x10, i;
xkey = rc2->xkey;
x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
x10 = ((unsigned)plain[1] << 8) + (unsigned)plain[0];
for (i = 0; i < 16; i++) {
x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
x10 = ((x10 << 1) | (x10 >> 15));
x32 = (x32 + (x54 & ~x10) + (x76 & x10) + xkey[4*i+1]) & 0xFFFF;
x32 = ((x32 << 2) | (x32 >> 14));
x54 = (x54 + (x76 & ~x32) + (x10 & x32) + xkey[4*i+2]) & 0xFFFF;
x54 = ((x54 << 3) | (x54 >> 13));
x76 = (x76 + (x10 & ~x54) + (x32 & x54) + xkey[4*i+3]) & 0xFFFF;
x76 = ((x76 << 5) | (x76 >> 11));
if (i == 4 || i == 10) {
x10 = (x10 + xkey[x76 & 63]) & 0xFFFF;
x32 = (x32 + xkey[x10 & 63]) & 0xFFFF;
x54 = (x54 + xkey[x32 & 63]) & 0xFFFF;
x76 = (x76 + xkey[x54 & 63]) & 0xFFFF;
}
}
cipher[0] = (unsigned char)x10;
cipher[1] = (unsigned char)(x10 >> 8);
cipher[2] = (unsigned char)x32;
cipher[3] = (unsigned char)(x32 >> 8);
cipher[4] = (unsigned char)x54;
cipher[5] = (unsigned char)(x54 >> 8);
cipher[6] = (unsigned char)x76;
cipher[7] = (unsigned char)(x76 >> 8);
}
/**********************************************************************\
* Decrypt an 8-byte block of ciphertext using the given key. *
\**********************************************************************/
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
rc2_key *rc2)
{
unsigned x76, x54, x32, x10;
unsigned *xkey;
int i;
xkey = rc2->xkey;
x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
x10 = ((unsigned)cipher[1] << 8) + (unsigned)cipher[0];
for (i = 15; i >= 0; i--) {
if (i == 4 || i == 10) {
x76 = (x76 - xkey[x54 & 63]) & 0xFFFF;
x54 = (x54 - xkey[x32 & 63]) & 0xFFFF;
x32 = (x32 - xkey[x10 & 63]) & 0xFFFF;
x10 = (x10 - xkey[x76 & 63]) & 0xFFFF;
}
x76 = ((x76 << 11) | (x76 >> 5));
x76 = (x76 - ((x10 & ~x54) + (x32 & x54) + xkey[4*i+3])) & 0xFFFF;
x54 = ((x54 << 13) | (x54 >> 3));
x54 = (x54 - ((x76 & ~x32) + (x10 & x32) + xkey[4*i+2])) & 0xFFFF;
x32 = ((x32 << 14) | (x32 >> 2));
x32 = (x32 - ((x54 & ~x10) + (x76 & x10) + xkey[4*i+1])) & 0xFFFF;
x10 = ((x10 << 15) | (x10 >> 1));
x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
}
plain[0] = (unsigned char)x10;
plain[1] = (unsigned char)(x10 >> 8);
plain[2] = (unsigned char)x32;
plain[3] = (unsigned char)(x32 >> 8);
plain[4] = (unsigned char)x54;
plain[5] = (unsigned char)(x54 >> 8);
plain[6] = (unsigned char)x76;
plain[7] = (unsigned char)(x76 >> 8);
}
/*
* dlls/rsaenh/rc4.c
* RC4 functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
int rc4_start(prng_state *prng)
{
/* set keysize to zero */
prng->rc4.x = 0;
return CRYPT_OK;
}
int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
{
/* trim as required */
if (prng->rc4.x + len > 256) {
if (prng->rc4.x == 256) {
/* I can't possibly accept another byte, ok maybe a mint wafer... */
return CRYPT_OK;
} else {
/* only accept part of it */
len = 256 - prng->rc4.x;
}
}
while (len--) {
prng->rc4.buf[prng->rc4.x++] = *buf++;
}
return CRYPT_OK;
}
int rc4_ready(prng_state *prng)
{
unsigned char key[256], tmp, *s;
int keylen, x, y, j;
/* extract the key */
s = prng->rc4.buf;
memcpy(key, s, 256);
keylen = prng->rc4.x;
/* make RC4 perm and shuffle */
for (x = 0; x < 256; x++) {
s[x] = x;
}
for (j = x = y = 0; x < 256; x++) {
y = (y + prng->rc4.buf[x] + key[j++]) & 255;
if (j == keylen) {
j = 0;
}
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
}
prng->rc4.x = 0;
prng->rc4.y = 0;
return CRYPT_OK;
}
unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
unsigned char x, y, *s, tmp;
unsigned long n;
n = len;
x = prng->rc4.x;
y = prng->rc4.y;
s = prng->rc4.buf;
while (len--) {
x = (x + 1) & 255;
y = (y + s[x]) & 255;
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
tmp = (s[x] + s[y]) & 255;
*buf++ ^= s[tmp];
}
prng->rc4.x = x;
prng->rc4.y = y;
return n;
}
/*
* dlls/rsaenh/rsa.c
* RSA public key cryptographic functions
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#include "tomcrypt.h"
static const struct {
int mpi_code, ltc_code;
} mpi_to_ltc_codes[] = {
{ MP_OKAY , CRYPT_OK},
{ MP_MEM , CRYPT_MEM},
{ MP_VAL , CRYPT_INVALID_ARG},
};
/* convert a MPI error to a LTC error (Possibly the most powerful function ever! Oh wait... no) */
int mpi_to_ltc_error(int err)
{
int x;
for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
if (err == mpi_to_ltc_codes[x].mpi_code) {
return mpi_to_ltc_codes[x].ltc_code;
}
}
return CRYPT_ERROR;
}
extern int gen_rand_impl(unsigned char *dst, unsigned int len);
static int rand_prime_helper(unsigned char *dst, int len, void *dat)
{
return gen_rand_impl(dst, len) ? len : 0;
}
int rand_prime(mp_int *N, long len)
{
int type;
/* allow sizes between 2 and 256 bytes for a prime size */
if (len < 16 || len > 8192) {
printf("Invalid prime size!\n");
return CRYPT_INVALID_PRIME_SIZE;
}
/* get type */
if (len < 0) {
type = LTM_PRIME_BBS;
len = -len;
} else {
type = 0;
}
/* New prime generation makes the code even more cryptoish-insane. Do you know what this means!!!
-- Gir: Yeah, oh wait, er, no.
*/
return mpi_to_ltc_error(mp_prime_random_ex(N, mp_prime_rabin_miller_trials(len), len, type, rand_prime_helper, NULL));
}
int rsa_make_key(int size, long e, rsa_key *key)
{
mp_int p, q, tmp1, tmp2, tmp3;
int err;
if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
return CRYPT_INVALID_KEYSIZE;
}
if ((e < 3) || ((e & 1) == 0)) {
return CRYPT_INVALID_ARG;
}
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* make primes p and q (optimization provided by Wayne Scott) */
if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */
/* make prime "p" */
do {
if ((err = rand_prime(&p, size*4)) != CRYPT_OK) { goto done; }
if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */
if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */
} while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */
/* make prime "q" */
do {
if ((err = rand_prime(&q, size*4)) != CRYPT_OK) { goto done; }
if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */
if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */
} while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */
/* tmp1 = lcm(p-1, q-1) */
if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */
/* tmp1 = q-1 (previous do/while loop) */
if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */
/* make key */
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
goto error;
}
if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */
if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */
if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */
if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */
if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */
if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */
if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */
if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; }
if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; }
/* shrink ram required */
if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; }
if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; }
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
goto done;
error2:
mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL);
error:
err = mpi_to_ltc_error(err);
done:
mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL);
return err;
}
void rsa_free(rsa_key *key)
{
mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, NULL);
}
/* compute an RSA modular exponentiation */
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key)
{
mp_int tmp, tmpa, tmpb;
unsigned long x;
int err;
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
}
/* must be a private or public operation */
if (which != PK_PRIVATE && which != PK_PUBLIC) {
return CRYPT_PK_INVALID_TYPE;
}
/* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); }
if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
/* sanity check on the input */
if (mp_cmp(&key->N, &tmp) == MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
goto done;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
if ((err = mpi_to_ltc_error(mp_exptmod(&tmp, &key->dP, &key->p, &tmpa))) != MP_OKAY) { goto error; }
/* tmpb = tmp^dQ mod q */
if ((err = mpi_to_ltc_error(mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb))) != MP_OKAY) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; }
/* tmp = tmpb + q * tmp */
if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; }
if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; }
} else {
/* exptmod it */
if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; }
}
/* read it back */
x = (unsigned long)mp_unsigned_bin_size(&key->N);
if (x > *outlen) {
err = CRYPT_BUFFER_OVERFLOW;
goto done;
}
*outlen = x;
/* convert it */
memset(out, 0, x);
if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != MP_OKAY) { goto error; }
/* clean up and return */
err = CRYPT_OK;
goto done;
error:
err = mpi_to_ltc_error(err);
done:
mp_clear_multi(&tmp, &tmpa, &tmpb, NULL);
return err;
}
......@@ -35,7 +35,7 @@
#include "wincrypt.h"
#include "lmcons.h"
#include "handle.h"
#include "implossl.h"
#include "implglue.h"
WINE_DEFAULT_DEBUG_CHANNEL(crypt);
......@@ -939,8 +939,6 @@ BOOL WINAPI RSAENH_CPAcquireContext(HCRYPTPROV *phProv, LPSTR pszContainer,
debugstr_a(pszContainer), dwFlags, pVTable);
SetLastError(ERROR_SUCCESS);
if (!load_lib()) return FALSE;
if (pszContainer ? strlen(pszContainer) : 0)
{
......@@ -1787,18 +1785,23 @@ BOOL WINAPI RSAENH_CPGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYP
case AT_SIGNATURE:
RSAENH_CPDestroyKey(hProv, pKeyContainer->hSignatureKeyPair);
pKeyContainer->hSignatureKeyPair =
new_key(hProv, CALG_RSA_SIGN, dwFlags, abKeyValue, 0);
new_key(hProv, CALG_RSA_SIGN, dwFlags, NULL, 0);
copy_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY,
(unsigned int*)phKey);
break;
case AT_KEYEXCHANGE:
RSAENH_CPDestroyKey(hProv, pKeyContainer->hKeyExchangeKeyPair);
pKeyContainer->hKeyExchangeKeyPair = new_key(hProv, CALG_RSA_KEYX, dwFlags, abKeyValue, 0);
pKeyContainer->hKeyExchangeKeyPair = new_key(hProv, CALG_RSA_KEYX, dwFlags, NULL, 0);
copy_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY,
(unsigned int*)phKey);
break;
case CALG_RSA_SIGN:
case CALG_RSA_KEYX:
*phKey = new_key(hProv, Algid, dwFlags, NULL, 0);
break;
case CALG_RC2:
case CALG_RC4:
case CALG_DES:
......
/*
* dlls/rsaenh/tomcrypt.h
* Function prototypes, type definitions and constant definitions
* for LibTomCrypt code.
*
* Copyright 2004 Michael Jung
* Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This file contains code from the LibTomCrypt cryptographic
* library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
* is in the public domain. The code in this file is tailored to
* special requirements. Take a look at http://libtomcrypt.org for the
* original version.
*/
#ifndef __WINE_TOMCRYPT_H_
#define __WINE_TOMCRYPT_H_
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <limits.h>
#include "basetsd.h"
/* error codes [will be expanded in future releases] */
enum {
CRYPT_OK=0, /* Result OK */
CRYPT_ERROR, /* Generic Error */
CRYPT_NOP, /* Not a failure but no operation was performed */
CRYPT_INVALID_KEYSIZE, /* Invalid key size given */
CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */
CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */
CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */
CRYPT_INVALID_PACKET, /* Invalid input packet given */
CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */
CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */
CRYPT_INVALID_CIPHER, /* Invalid cipher specified */
CRYPT_INVALID_HASH, /* Invalid hash specified */
CRYPT_INVALID_PRNG, /* Invalid PRNG specified */
CRYPT_MEM, /* Out of memory */
CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */
CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */
CRYPT_INVALID_ARG, /* Generic invalid argument */
CRYPT_FILE_NOTFOUND, /* File Not Found */
CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */
CRYPT_PK_INVALID_SYSTEM,/* Invalid PK system specified */
CRYPT_PK_DUP, /* Duplicate key already in key ring */
CRYPT_PK_NOT_FOUND, /* Key not found in keyring */
CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */
CRYPT_INVALID_PRIME_SIZE/* Invalid size of prime requested */
};
#define CONST64(a,b) ((((ULONG64)(a)) << 32) | (b))
typedef ULONG64 ulong64;
/* this is the "32-bit at least" data type
* Re-define it to suit your platform but it must be at least 32-bits
*/
typedef ULONG32 ulong32;
/* ---- HELPER MACROS ---- */
#define STORE32H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
(y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
#define LOAD32H(x, y) \
{ x = ((unsigned long)((y)[0] & 255)<<24) | \
((unsigned long)((y)[1] & 255)<<16) | \
((unsigned long)((y)[2] & 255)<<8) | \
((unsigned long)((y)[3] & 255)); }
#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC)
static inline unsigned ROR(unsigned word, int i)
{
__asm__("rorl %%cl,%0"
:"=r" (word)
:"0" (word),"c" (i));
return word;
}
#else
/* rotates the hard way */
#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | \
((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#endif
#undef MIN
#define MIN(x, y) ( ((x)<(y))?(x):(y) )
#define byte(x, n) (((x) >> (8 * (n))) & 255)
typedef struct tag_rc2_key {
unsigned xkey[64];
} rc2_key;
typedef struct tag_des_key {
ulong32 ek[32], dk[32];
} des_key;
typedef struct tag_des3_key {
ulong32 ek[3][32], dk[3][32];
} des3_key;
int rc2_setup(const unsigned char *key, int keylen, int bits, int num_rounds, rc2_key *skey);
void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, rc2_key *key);
void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, rc2_key *key);
int des_setup(const unsigned char *key, int keylen, int num_rounds, des_key *skey);
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, des_key *key);
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, des_key *key);
int des3_setup(const unsigned char *key, int keylen, int num_rounds, des3_key *skey);
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, des3_key *key);
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, des3_key *key);
typedef struct tag_md2_state {
unsigned char chksum[16], X[48], buf[16];
unsigned long curlen;
} md2_state;
int md2_init(md2_state * md);
int md2_process(md2_state * md, const unsigned char *buf, unsigned long len);
int md2_done(md2_state * md, unsigned char *hash);
struct rc4_prng {
int x, y;
unsigned char buf[256];
};
typedef union Prng_state {
struct rc4_prng rc4;
} prng_state;
int rc4_start(prng_state *prng);
int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int rc4_ready(prng_state *prng);
unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng);
/* some default configurations.
*
* A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
* A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
*
* At the very least a mp_digit must be able to hold 7 bits
* [any size beyond that is ok provided it doesn't overflow the data type]
*/
typedef unsigned long mp_digit;
typedef ulong64 mp_word;
#define DIGIT_BIT 28
#define MP_DIGIT_BIT DIGIT_BIT
#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
#define MP_DIGIT_MAX MP_MASK
/* equalities */
#define MP_LT -1 /* less than */
#define MP_EQ 0 /* equal to */
#define MP_GT 1 /* greater than */
#define MP_ZPOS 0 /* positive integer */
#define MP_NEG 1 /* negative */
#define MP_OKAY 0 /* ok result */
#define MP_MEM -2 /* out of mem */
#define MP_VAL -3 /* invalid input */
#define MP_RANGE MP_VAL
#define MP_YES 1 /* yes response */
#define MP_NO 0 /* no response */
/* Primality generation flags */
#define LTM_PRIME_BBS 0x0001 /* BBS style prime */
#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */
#define LTM_PRIME_2MSB_OFF 0x0004 /* force 2nd MSB to 0 */
#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */
typedef int mp_err;
/* you'll have to tune these... */
extern int KARATSUBA_MUL_CUTOFF,
KARATSUBA_SQR_CUTOFF;
/* define this to use lower memory usage routines (exptmods mostly) */
/* #define MP_LOW_MEM */
#define MP_PREC 64 /* default digits of precision */
/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
/* the infamous mp_int structure */
typedef struct {
int used, alloc, sign;
mp_digit *dp;
} mp_int;
/* callback for mp_prime_random, should fill dst with random bytes and return how many read [upto len] */
typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
#define DIGIT(m,k) ((m)->dp[(k)])
/* error code to char* string */
char *mp_error_to_string(int code);
/* ---> init and deinit bignum functions <--- */
/* init a bignum */
int mp_init(mp_int *a);
/* free a bignum */
void mp_clear(mp_int *a);
/* init a null terminated series of arguments */
int mp_init_multi(mp_int *mp, ...);
/* clear a null terminated series of arguments */
void mp_clear_multi(mp_int *mp, ...);
/* exchange two ints */
void mp_exch(mp_int *a, mp_int *b);
/* shrink ram required for a bignum */
int mp_shrink(mp_int *a);
/* grow an int to a given size */
int mp_grow(mp_int *a, int size);
/* init to a given number of digits */
int mp_init_size(mp_int *a, int size);
/* ---> Basic Manipulations <--- */
#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
/* set to zero */
void mp_zero(mp_int *a);
/* set to a digit */
void mp_set(mp_int *a, mp_digit b);
/* set a 32-bit const */
int mp_set_int(mp_int *a, unsigned long b);
/* get a 32-bit value */
unsigned long mp_get_int(mp_int * a);
/* initialize and set a digit */
int mp_init_set (mp_int * a, mp_digit b);
/* initialize and set 32-bit value */
int mp_init_set_int (mp_int * a, unsigned long b);
/* copy, b = a */
int mp_copy(const mp_int *a, mp_int *b);
/* inits and copies, a = b */
int mp_init_copy(mp_int *a, const mp_int *b);
/* trim unused digits */
void mp_clamp(mp_int *a);
/* ---> digit manipulation <--- */
/* right shift by "b" digits */
void mp_rshd(mp_int *a, int b);
/* left shift by "b" digits */
int mp_lshd(mp_int *a, int b);
/* c = a / 2**b */
int mp_div_2d(mp_int *a, int b, mp_int *c, mp_int *d);
/* b = a/2 */
int mp_div_2(mp_int *a, mp_int *b);
/* c = a * 2**b */
int mp_mul_2d(mp_int *a, int b, mp_int *c);
/* b = a*2 */
int mp_mul_2(mp_int *a, mp_int *b);
/* c = a mod 2**d */
int mp_mod_2d(mp_int *a, int b, mp_int *c);
/* computes a = 2**b */
int mp_2expt(mp_int *a, int b);
/* Counts the number of lsbs which are zero before the first zero bit */
int mp_cnt_lsb(mp_int *a);
/* I Love Earth! */
/* makes a pseudo-random int of a given size */
int mp_rand(mp_int *a, int digits);
/* ---> binary operations <--- */
/* c = a XOR b */
int mp_xor(mp_int *a, mp_int *b, mp_int *c);
/* c = a OR b */
int mp_or(mp_int *a, mp_int *b, mp_int *c);
/* c = a AND b */
int mp_and(mp_int *a, mp_int *b, mp_int *c);
/* ---> Basic arithmetic <--- */
/* b = -a */
int mp_neg(mp_int *a, mp_int *b);
/* b = |a| */
int mp_abs(mp_int *a, mp_int *b);
/* compare a to b */
int mp_cmp(mp_int *a, mp_int *b);
/* compare |a| to |b| */
int mp_cmp_mag(mp_int *a, mp_int *b);
/* c = a + b */
int mp_add(mp_int *a, mp_int *b, mp_int *c);
/* c = a - b */
int mp_sub(mp_int *a, mp_int *b, mp_int *c);
/* c = a * b */
int mp_mul(mp_int *a, mp_int *b, mp_int *c);
/* b = a*a */
int mp_sqr(mp_int *a, mp_int *b);
/* a/b => cb + d == a */
int mp_div(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* c = a mod b, 0 <= c < b */
int mp_mod(mp_int *a, mp_int *b, mp_int *c);
/* ---> single digit functions <--- */
/* compare against a single digit */
int mp_cmp_d(mp_int *a, mp_digit b);
/* c = a + b */
int mp_add_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a - b */
int mp_sub_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a * b */
int mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
/* a/b => cb + d == a */
int mp_div_d(mp_int *a, mp_digit b, mp_int *c, mp_digit *d);
/* a/3 => 3c + d == a */
int mp_div_3(mp_int *a, mp_int *c, mp_digit *d);
/* c = a**b */
int mp_expt_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a mod b, 0 <= c < b */
int mp_mod_d(mp_int *a, mp_digit b, mp_digit *c);
/* ---> number theory <--- */
/* d = a + b (mod c) */
int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* d = a - b (mod c) */
int mp_submod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* d = a * b (mod c) */
int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* c = a * a (mod b) */
int mp_sqrmod(mp_int *a, mp_int *b, mp_int *c);
/* c = 1/a (mod b) */
int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
/* c = (a, b) */
int mp_gcd(mp_int *a, mp_int *b, mp_int *c);
/* produces value such that U1*a + U2*b = U3 */
int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3);
/* c = [a, b] or (a*b)/(a, b) */
int mp_lcm(mp_int *a, mp_int *b, mp_int *c);
/* finds one of the b'th root of a, such that |c|**b <= |a|
*
* returns error if a < 0 and b is even
*/
int mp_n_root(mp_int *a, mp_digit b, mp_int *c);
/* special sqrt algo */
int mp_sqrt(mp_int *arg, mp_int *ret);
/* is number a square? */
int mp_is_square(mp_int *arg, int *ret);
/* computes the jacobi c = (a | n) (or Legendre if b is prime) */
int mp_jacobi(mp_int *a, mp_int *n, int *c);
/* used to setup the Barrett reduction for a given modulus b */
int mp_reduce_setup(mp_int *a, mp_int *b);
/* Barrett Reduction, computes a (mod b) with a precomputed value c
*
* Assumes that 0 < a <= b*b, note if 0 > a > -(b*b) then you can merely
* compute the reduction as -1 * mp_reduce(mp_abs(a)) [pseudo code].
*/
int mp_reduce(mp_int *a, mp_int *b, mp_int *c);
/* setups the montgomery reduction */
int mp_montgomery_setup(mp_int *a, mp_digit *mp);
/* computes a = B**n mod b without division or multiplication useful for
* normalizing numbers in a Montgomery system.
*/
int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
/* computes x/R == x (mod N) via Montgomery Reduction */
int mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
/* returns 1 if a is a valid DR modulus */
int mp_dr_is_modulus(mp_int *a);
/* sets the value of "d" required for mp_dr_reduce */
void mp_dr_setup(mp_int *a, mp_digit *d);
/* reduces a modulo b using the Diminished Radix method */
int mp_dr_reduce(mp_int *a, mp_int *b, mp_digit mp);
/* returns true if a can be reduced with mp_reduce_2k */
int mp_reduce_is_2k(mp_int *a);
/* determines k value for 2k reduction */
int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */
int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
/* d = a**b (mod c) */
int mp_exptmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* ---> Primes <--- */
/* number of primes */
#define PRIME_SIZE 256
/* table of first PRIME_SIZE primes */
extern const mp_digit __prime_tab[];
/* result=1 if a is divisible by one of the first PRIME_SIZE primes */
int mp_prime_is_divisible(mp_int *a, int *result);
/* performs one Fermat test of "a" using base "b".
* Sets result to 0 if composite or 1 if probable prime
*/
int mp_prime_fermat(mp_int *a, mp_int *b, int *result);
/* performs one Miller-Rabin test of "a" using base "b".
* Sets result to 0 if composite or 1 if probable prime
*/
int mp_prime_miller_rabin(mp_int *a, mp_int *b, int *result);
/* This gives [for a given bit size] the number of trials required
* such that Miller-Rabin gives a prob of failure lower than 2^-96
*/
int mp_prime_rabin_miller_trials(int size);
/* performs t rounds of Miller-Rabin on "a" using the first
* t prime bases. Also performs an initial sieve of trial
* division. Determines if "a" is prime with probability
* of error no more than (1/4)**t.
*
* Sets result to 1 if probably prime, 0 otherwise
*/
int mp_prime_is_prime(mp_int *a, int t, int *result);
/* finds the next prime after the number "a" using "t" trials
* of Miller-Rabin.
*
* bbs_style = 1 means the prime must be congruent to 3 mod 4
*/
int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
/* makes a truly random prime of a given size (bytes),
* call with bbs = 1 if you want it to be congruent to 3 mod 4
*
* You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
* have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
* so it can be NULL
*
* The prime generated will be larger than 2^(8*size).
*/
#define mp_prime_random(a, t, size, bbs, cb, dat) mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
/* makes a truly random prime of a given size (bits),
*
* Flags are as follows:
*
* LTM_PRIME_BBS - make prime congruent to 3 mod 4
* LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
* LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
* LTM_PRIME_2MSB_ON - make the 2nd highest bit one
*
* You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
* have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
* so it can be NULL
*
*/
int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback cb, void *dat);
/* ---> radix conversion <--- */
int mp_count_bits(mp_int *a);
int mp_unsigned_bin_size(mp_int *a);
int mp_read_unsigned_bin(mp_int *a, unsigned char *b, int c);
int mp_to_unsigned_bin(mp_int *a, unsigned char *b);
int mp_signed_bin_size(mp_int *a);
int mp_read_signed_bin(mp_int *a, unsigned char *b, int c);
int mp_to_signed_bin(mp_int *a, unsigned char *b);
int mp_read_radix(mp_int *a, char *str, int radix);
int mp_toradix(mp_int *a, char *str, int radix);
int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen);
int mp_radix_size(mp_int *a, int radix, int *size);
int mp_fread(mp_int *a, int radix, FILE *stream);
int mp_fwrite(mp_int *a, int radix, FILE *stream);
#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
#define mp_raw_size(mp) mp_signed_bin_size(mp)
#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
#define mp_tohex(M, S) mp_toradix((M), (S), 16)
/* lowlevel functions, do not call! */
int s_mp_add(mp_int *a, mp_int *b, mp_int *c);
int s_mp_sub(mp_int *a, mp_int *b, mp_int *c);
#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
int fast_s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int fast_s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int fast_s_mp_sqr(mp_int *a, mp_int *b);
int s_mp_sqr(mp_int *a, mp_int *b);
int mp_karatsuba_mul(mp_int *a, mp_int *b, mp_int *c);
int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c);
int mp_karatsuba_sqr(mp_int *a, mp_int *b);
int mp_toom_sqr(mp_int *a, mp_int *b);
int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int mode);
int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
void bn_reverse(unsigned char *s, int len);
extern const char *mp_s_rmap;
#define PK_PRIVATE 0 /* PK private keys */
#define PK_PUBLIC 1 /* PK public keys */
/* Min and Max RSA key sizes (in bits) */
#define MIN_RSA_SIZE 384
#define MAX_RSA_SIZE 16384
typedef struct Rsa_key {
int type;
mp_int e, d, N, p, q, qP, dP, dQ;
} rsa_key;
int rsa_make_key(int size, long e, rsa_key *key);
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key);
void rsa_free(rsa_key *key);
#endif /* __WINE_TOMCRYPT_H_ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment