[sgt/putty] / sshrsa.c

/*
 * RSA implementation just sufficient for ssh client-side
 * initialisation step
 *
 * Rewritten for more speed by Joris van Rantwijk, Jun 1999.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "ssh.h"


int makekey(unsigned char *data, struct RSAKey *result,
	    unsigned char **keystr, int order) {
    unsigned char *p = data;
    int i;

    if (result) {
        result->bits = 0;
        for (i=0; i<4; i++)
            result->bits = (result->bits << 8) + *p++;
    } else
        p += 4;

    /*
     * order=0 means exponent then modulus (the keys sent by the
     * server). order=1 means modulus then exponent (the keys
     * stored in a keyfile).
     */

    if (order == 0)
        p += ssh1_read_bignum(p, result ? &result->exponent : NULL);
    if (result)
        result->bytes = (((p[0] << 8) + p[1]) + 7) / 8;
    if (keystr) *keystr = p+2;
    p += ssh1_read_bignum(p, result ? &result->modulus : NULL);
    if (order == 1)
        p += ssh1_read_bignum(p, result ? &result->exponent : NULL);

    return p - data;
}

int makeprivate(unsigned char *data, struct RSAKey *result) {
    return ssh1_read_bignum(data, &result->private_exponent);
}

void rsaencrypt(unsigned char *data, int length, struct RSAKey *key) {
    Bignum b1, b2;
    int i;
    unsigned char *p;

    memmove(data+key->bytes-length, data, length);
    data[0] = 0;
    data[1] = 2;

    for (i = 2; i < key->bytes-length-1; i++) {
	do {
	    data[i] = random_byte();
	} while (data[i] == 0);
    }
    data[key->bytes-length-1] = 0;

    b1 = bignum_from_bytes(data, key->bytes);

    b2 = modpow(b1, key->exponent, key->modulus);

    p = data;
    for (i=key->bytes; i-- ;) {
        *p++ = bignum_byte(b2, i);
    }

    freebn(b1);
    freebn(b2);
}

Bignum rsadecrypt(Bignum input, struct RSAKey *key) {
    Bignum ret;
    ret = modpow(input, key->private_exponent, key->modulus);
    return ret;
}

int rsastr_len(struct RSAKey *key) {
    Bignum md, ex;
    int mdlen, exlen;

    md = key->modulus;
    ex = key->exponent;
    mdlen = (ssh1_bignum_bitcount(md)+15) / 16;
    exlen = (ssh1_bignum_bitcount(ex)+15) / 16;
    return 4 * (mdlen+exlen) + 20;
}

void rsastr_fmt(char *str, struct RSAKey *key) {
    Bignum md, ex;
    int len = 0, i, nibbles;
    static const char hex[] = "0123456789abcdef";

    md = key->modulus;
    ex = key->exponent;

    len += sprintf(str+len, "0x");

    nibbles = (3 + ssh1_bignum_bitcount(ex))/4; if (nibbles<1) nibbles=1;
    for (i=nibbles; i-- ;)
        str[len++] = hex[(bignum_byte(ex, i/2) >> (4*(i%2))) & 0xF];

    len += sprintf(str+len, ",0x");

    nibbles = (3 + ssh1_bignum_bitcount(md))/4; if (nibbles<1) nibbles=1;
    for (i=nibbles; i-- ;)
        str[len++] = hex[(bignum_byte(md, i/2) >> (4*(i%2))) & 0xF];

    str[len] = '\0';
}

/*
 * Generate a fingerprint string for the key. Compatible with the
 * OpenSSH fingerprint code.
 */
void rsa_fingerprint(char *str, int len, struct RSAKey *key) {
    struct MD5Context md5c;
    unsigned char digest[16];
    char buffer[16*3+40];
    int numlen, slen, i;

    MD5Init(&md5c);
    numlen = ssh1_bignum_length(key->modulus) - 2;
    for (i = numlen; i-- ;) {
        unsigned char c = bignum_byte(key->modulus, i);
        MD5Update(&md5c, &c, 1);
    }
    numlen = ssh1_bignum_length(key->exponent) - 2;
    for (i = numlen; i-- ;) {
        unsigned char c = bignum_byte(key->exponent, i);
        MD5Update(&md5c, &c, 1);
    }
    MD5Final(digest, &md5c);

    sprintf(buffer, "%d ", ssh1_bignum_bitcount(key->modulus));
    for (i = 0; i < 16; i++)
        sprintf(buffer+strlen(buffer), "%s%02x", i?":":"", digest[i]);
    strncpy(str, buffer, len); str[len-1] = '\0';
    slen = strlen(str);
    if (key->comment && slen < len-1) {
        str[slen] = ' ';
        strncpy(str+slen+1, key->comment, len-slen-1);
        str[len-1] = '\0';
    }
}

void freersakey(struct RSAKey *key) {
    if (key->modulus) freebn(key->modulus);
    if (key->exponent) freebn(key->exponent);
    if (key->private_exponent) freebn(key->private_exponent);
    if (key->comment) sfree(key->comment);
}
Commit	Line	Data
374330e2	1	/*
	2	* RSA implementation just sufficient for ssh client-side
	3	* initialisation step
4644b0ce	4	*
4644b0ce	5	* Rewritten for more speed by Joris van Rantwijk, Jun 1999.
374330e2	6	*/
374330e2	7
374330e2	8	#include <stdio.h>
	9	#include <stdlib.h>
	10	#include <string.h>
	11
e5574168	12	#include "ssh.h"
374330e2	13
1c2a93c4	14
374330e2	15	int makekey(unsigned char data, struct RSAKey result,
7cca0d81	16	unsigned char **keystr, int order) {
374330e2	17	unsigned char *p = data;
7cca0d81	18	int i;
374330e2	19
a52f067e	20	if (result) {
	21	result->bits = 0;
	22	for (i=0; i<4; i++)
	23	result->bits = (result->bits << 8) + *p++;
	24	} else
	25	p += 4;
374330e2	26
7cca0d81	27	/*
	28	* order=0 means exponent then modulus (the keys sent by the
	29	* server). order=1 means modulus then exponent (the keys
	30	* stored in a keyfile).
	31	*/
374330e2	32
7cca0d81	33	if (order == 0)
a52f067e	34	p += ssh1_read_bignum(p, result ? &result->exponent : NULL);
	35	if (result)
	36	result->bytes = (((p[0] << 8) + p[1]) + 7) / 8;
7cca0d81	37	if (keystr) *keystr = p+2;
a52f067e	38	p += ssh1_read_bignum(p, result ? &result->modulus : NULL);
7cca0d81	39	if (order == 1)
a52f067e	40	p += ssh1_read_bignum(p, result ? &result->exponent : NULL);
374330e2	41
	42	return p - data;
	43	}
	44
7cca0d81	45	int makeprivate(unsigned char data, struct RSAKey result) {
	46	return ssh1_read_bignum(data, &result->private_exponent);
	47	}
	48
374330e2	49	void rsaencrypt(unsigned char data, int length, struct RSAKey key) {
374330e2	50	Bignum b1, b2;
3709bfe9	51	int i;
374330e2	52	unsigned char *p;
374330e2	53
374330e2	54	memmove(data+key->bytes-length, data, length);
	55	data[0] = 0;
	56	data[1] = 2;
	57
	58	for (i = 2; i < key->bytes-length-1; i++) {
	59	do {
	60	data[i] = random_byte();
	61	} while (data[i] == 0);
	62	}
	63	data[key->bytes-length-1] = 0;
	64
3709bfe9	65	b1 = bignum_from_bytes(data, key->bytes);
374330e2	66
59600f67	67	b2 = modpow(b1, key->exponent, key->modulus);
374330e2	68
374330e2	69	p = data;
d9373729	70	for (i=key->bytes; i-- ;) {
3709bfe9	71	*p++ = bignum_byte(b2, i);
374330e2	72	}
	73
	74	freebn(b1);
	75	freebn(b2);
	76	}
	77
7cca0d81	78	Bignum rsadecrypt(Bignum input, struct RSAKey *key) {
7cca0d81	79	Bignum ret;
59600f67	80	ret = modpow(input, key->private_exponent, key->modulus);
7cca0d81	81	return ret;
	82	}
	83
374330e2	84	int rsastr_len(struct RSAKey *key) {
374330e2	85	Bignum md, ex;
3709bfe9	86	int mdlen, exlen;
374330e2	87
	88	md = key->modulus;
	89	ex = key->exponent;
3709bfe9	90	mdlen = (ssh1_bignum_bitcount(md)+15) / 16;
	91	exlen = (ssh1_bignum_bitcount(ex)+15) / 16;
	92	return 4 * (mdlen+exlen) + 20;
374330e2	93	}
	94
	95	void rsastr_fmt(char str, struct RSAKey key) {
	96	Bignum md, ex;
d5859615	97	int len = 0, i, nibbles;
d5859615	98	static const char hex[] = "0123456789abcdef";
374330e2	99
	100	md = key->modulus;
	101	ex = key->exponent;
	102
d5859615	103	len += sprintf(str+len, "0x");
	104
	105	nibbles = (3 + ssh1_bignum_bitcount(ex))/4; if (nibbles<1) nibbles=1;
	106	for (i=nibbles; i-- ;)
	107	str[len++] = hex[(bignum_byte(ex, i/2) >> (4*(i%2))) & 0xF];
	108
	109	len += sprintf(str+len, ",0x");
	110
	111	nibbles = (3 + ssh1_bignum_bitcount(md))/4; if (nibbles<1) nibbles=1;
	112	for (i=nibbles; i-- ;)
	113	str[len++] = hex[(bignum_byte(md, i/2) >> (4*(i%2))) & 0xF];
	114
374330e2	115	str[len] = '\0';
	116	}
	117
1c2a93c4	118	/*
	119	* Generate a fingerprint string for the key. Compatible with the
	120	* OpenSSH fingerprint code.
	121	*/
	122	void rsa_fingerprint(char str, int len, struct RSAKey key) {
	123	struct MD5Context md5c;
	124	unsigned char digest[16];
	125	char buffer[16*3+40];
	126	int numlen, slen, i;
	127
	128	MD5Init(&md5c);
	129	numlen = ssh1_bignum_length(key->modulus) - 2;
	130	for (i = numlen; i-- ;) {
	131	unsigned char c = bignum_byte(key->modulus, i);
	132	MD5Update(&md5c, &c, 1);
	133	}
	134	numlen = ssh1_bignum_length(key->exponent) - 2;
	135	for (i = numlen; i-- ;) {
	136	unsigned char c = bignum_byte(key->exponent, i);
	137	MD5Update(&md5c, &c, 1);
	138	}
	139	MD5Final(digest, &md5c);
	140
	141	sprintf(buffer, "%d ", ssh1_bignum_bitcount(key->modulus));
	142	for (i = 0; i < 16; i++)
	143	sprintf(buffer+strlen(buffer), "%s%02x", i?":":"", digest[i]);
	144	strncpy(str, buffer, len); str[len-1] = '\0';
	145	slen = strlen(str);
	146	if (key->comment && slen < len-1) {
	147	str[slen] = ' ';
	148	strncpy(str+slen+1, key->comment, len-slen-1);
	149	str[len-1] = '\0';
	150	}
	151	}
	152
5c58ad2d	153	void freersakey(struct RSAKey *key) {
	154	if (key->modulus) freebn(key->modulus);
	155	if (key->exponent) freebn(key->exponent);
	156	if (key->private_exponent) freebn(key->private_exponent);
dcbde236	157	if (key->comment) sfree(key->comment);
5c58ad2d	158	}