2 rsa.c -- RSA key handling
3 Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 // Base64 encoding/decoding tables
31 static const uint8_t b64d[128] = {
32 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
37 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
38 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
39 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
40 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
41 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
42 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
43 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
44 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
45 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
46 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
47 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
48 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
49 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
50 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
51 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
52 0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
56 static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
58 // PEM encoding/decoding functions
60 static bool pem_decode(FILE *fp, const char *header, uint8_t *buf, size_t size, size_t *outsize) {
68 if(!fgets(line, sizeof line, fp))
71 if(!decode && !strncmp(line, "-----BEGIN ", 11)) {
72 if(!strncmp(line + 11, header, strlen(header)))
77 if(decode && !strncmp(line, "-----END", 8)) {
84 for(i = 0; line[i] >= ' '; i++) {
85 if((signed char)line[i] < 0 || b64d[(int)line[i]] == 0xff)
87 word |= b64d[(int)line[i]] << shift;
108 // BER decoding functions
110 static int ber_read_id(unsigned char **p, size_t *buflen) {
114 if((**p & 0x1f) == 0x1f) {
120 more = *(*p)++ & 0x80;
128 return *(*p)++ & 0x1f;
132 static size_t ber_read_len(unsigned char **p, size_t *buflen) {
138 int len = *(*p)++ & 0x7f;
157 static bool ber_read_sequence(unsigned char **p, size_t *buflen, size_t *result) {
158 int tag = ber_read_id(p, buflen);
159 size_t len = ber_read_len(p, buflen);
170 static bool ber_read_mpi(unsigned char **p, size_t *buflen, gcry_mpi_t *mpi) {
171 int tag = ber_read_id(p, buflen);
172 size_t len = ber_read_len(p, buflen);
173 gcry_error_t err = 0;
175 if(tag != 0x02 || len > *buflen)
179 err = gcry_mpi_scan(mpi, GCRYMPI_FMT_USG, *p, len, NULL);
184 return mpi ? !err : true;
187 bool rsa_set_hex_public_key(rsa_t *rsa, char *n, char *e) {
188 gcry_error_t err = 0;
190 err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
191 ?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, n, 0, NULL);
194 logger(LOG_ERR, _("Error while reading RSA public key: %s"), gcry_strerror(errno));
201 bool rsa_set_hex_private_key(rsa_t *rsa, char *n, char *e, char *d) {
202 gcry_error_t err = 0;
204 err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
205 ?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, n, 0, NULL)
206 ?: gcry_mpi_scan(&rsa->d, GCRYMPI_FMT_HEX, n, 0, NULL);
209 logger(LOG_ERR, _("Error while reading RSA public key: %s"), gcry_strerror(errno));
218 bool rsa_read_pem_public_key(rsa_t *rsa, FILE *fp) {
219 uint8_t derbuf[8096], *derp = derbuf;
222 if(!pem_decode(fp, "RSA PUBLIC KEY", derbuf, sizeof derbuf, &derlen)) {
223 logger(LOG_ERR, _("Unable to read RSA public key: %s"), strerror(errno));
227 if(!ber_read_sequence(&derp, &derlen, NULL)
228 || !ber_read_mpi(&derp, &derlen, &rsa->n)
229 || !ber_read_mpi(&derp, &derlen, &rsa->e)
231 logger(LOG_ERR, _("Error while decoding RSA public key"));
238 bool rsa_read_pem_private_key(rsa_t *rsa, FILE *fp) {
239 uint8_t derbuf[8096], *derp = derbuf;
242 if(!pem_decode(fp, "RSA PRIVATE KEY", derbuf, sizeof derbuf, &derlen)) {
243 logger(LOG_ERR, _("Unable to read RSA private key: %s"), strerror(errno));
247 if(!ber_read_sequence(&derp, &derlen, NULL)
248 || !ber_read_mpi(&derp, &derlen, NULL)
249 || !ber_read_mpi(&derp, &derlen, &rsa->n)
250 || !ber_read_mpi(&derp, &derlen, &rsa->e)
251 || !ber_read_mpi(&derp, &derlen, &rsa->d)
252 || !ber_read_mpi(&derp, &derlen, NULL) // p
253 || !ber_read_mpi(&derp, &derlen, NULL) // q
254 || !ber_read_mpi(&derp, &derlen, NULL)
255 || !ber_read_mpi(&derp, &derlen, NULL)
256 || !ber_read_mpi(&derp, &derlen, NULL) // u
258 logger(LOG_ERR, _("Error while decoding RSA private key"));
265 size_t rsa_size(rsa_t *rsa) {
266 return (gcry_mpi_get_nbits(rsa->n) + 7) / 8;
269 /* Well, libgcrypt has functions to handle RSA keys, but they suck.
270 * So we just use libgcrypt's mpi functions, and do the math ourselves.
273 // TODO: get rid of this macro, properly clean up gcry_ structures after use
274 #define check(foo) { gcry_error_t err = (foo); if(err) {logger(LOG_ERR, "gcrypt error %s/%s at %s:%d\n", gcry_strsource(err), gcry_strerror(err), __FILE__, __LINE__); return false; }}
276 bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) {
278 check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
280 gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
281 gcry_mpi_powm(outmpi, inmpi, rsa->e, rsa->n);
283 check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));
288 bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) {
290 check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
292 gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
293 gcry_mpi_powm(outmpi, inmpi, rsa->d, rsa->n);
295 check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));