[BACK]Return to pk.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / lib / libtelnet

File: [cvs.NetBSD.org] / src / lib / libtelnet / pk.c (download)

Revision 1.4, Sat Feb 19 22:55:35 2005 UTC (19 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, phil-wifi-20190609, phil-wifi, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, mjf-devfs2-base, mjf-devfs2, matt-premerge-20091211, matt-nb8-mediatek-base, matt-nb8-mediatek, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, localcount-20160914, keiichi-mipv6-base, keiichi-mipv6, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, is-mlppp-base, is-mlppp, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, cherry-xenmp-base, cherry-xenmp, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver, abandoned-netbsd-4-base, abandoned-netbsd-4, HEAD
Changes since 1.3: +34 -34 lines

constify, whitespace.

/*-
 * Copyright (c) 1991, 1993
 *	Dave Safford.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 */

#include <sys/cdefs.h>

#ifdef notdef
__FBSDID("$FreeBSD: src/contrib/telnet/libtelnet/pk.c,v 1.10 2002/08/22 06:19:07 nsayer Exp $");
#else
__RCSID("$NetBSD: pk.c,v 1.4 2005/02/19 22:55:35 christos Exp $");
#endif

/* public key routines */
/* functions:
	genkeys(char *public, char *secret)
	common_key(char *secret, char *public, desData *deskey)
	pk_encode(char *in, *out, DesData *deskey);
	pk_decode(char *in, *out, DesData *deskey);
      where
	char public[HEXKEYBYTES + 1];
	char secret[HEXKEYBYTES + 1];
 */

#include <sys/time.h>
#include <des.h>
#include <openssl/bn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "pk.h"
 
static void adjust(char *, const char *);

/*
 * Choose top 128 bits of the common key to use as our idea key.
 */
static void
extractideakey(BIGNUM *ck, IdeaData *ideakey)
{
	BIGNUM *a = BN_new();
	BIGNUM *z = BN_new();
	BIGNUM *base = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	size_t i;
	char *k;

	(void)BN_zero(a);
	(void)BN_zero(z);
	(void)BN_set_word(base, 1 << 8);
	BN_add(a, ck, z);

	for (i = 0; i < ((KEYSIZE - 128) / 8); i++)
		BN_div(a, z, a, base, ctx);

	k = (char *)(void *)ideakey;
	for (i = 0; i < 16; i++) {
		BN_div(a, z, a, base, ctx);
		*k++ = (char)BN_get_word(z);
	}

	BN_CTX_free(ctx);
	BN_free(base);
	BN_free(z);
	BN_free(a);
}

/*
 * Choose middle 64 bits of the common key to use as our des key, possibly
 * overwriting the lower order bits by setting parity. 
 */
static void
extractdeskey(BIGNUM *ck, DesData *deskey)
{
	BIGNUM *a = BN_new();
	BIGNUM *z = BN_new();
	BIGNUM *base = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	size_t i;
	char *k;

	(void)BN_zero(z);
	(void)BN_zero(a);
	(void)BN_set_word(base, 1 << 8);
	BN_add(a, ck, z);

	for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++)
		BN_div(a, z, a, base, ctx);

	k = (char *)deskey;
	for (i = 0; i < 8; i++) {
		BN_div(a, z, a, base, ctx);
		*k++ = (char)BN_get_word(z);
	}

	BN_CTX_free(ctx);
	BN_free(base);
	BN_free(z);
	BN_free(a);
}

/*
 * get common key from my secret key and his public key
 */
void
common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey)
{
	BIGNUM *public = BN_new();
	BIGNUM *secret = BN_new();
	BIGNUM *common = BN_new();
	BIGNUM *modulus	 = BN_new();
	BN_CTX *ctx = BN_CTX_new();

	(void)BN_hex2bn(&modulus, HEXMODULUS);
	(void)BN_hex2bn(&public, xpublic);
	(void)BN_hex2bn(&secret, xsecret);
	(void)BN_zero(common);

	BN_mod_exp(common, public, secret, modulus, ctx);
	extractdeskey(common, deskey);
	extractideakey(common, ideakey);
	des_set_odd_parity(deskey);

	BN_CTX_free(ctx);
	BN_free(common);
	BN_free(secret);
	BN_free(public);
	BN_free(modulus);
}

/*
 * Generate a seed
 */
static void
getseed(char *seed, size_t seedsize)
{
	size_t i;

	for (i = 0; i < seedsize; i++)
		seed[i] = arc4random() & 0xff;
}

/*
 * Generate a random public/secret key pair
 */
void
genkeys(char *public, char *secret)
{
	size_t i;
 
#	define BASEBITS (8 * sizeof(short) - 1)
#	define BASE (1 << BASEBITS)
 
	BIGNUM *pk = BN_new();
	BIGNUM *sk = BN_new();
	BIGNUM *tmp = BN_new();
	BIGNUM *base = BN_new();
	BIGNUM *root = BN_new();
	BIGNUM *modulus = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	short r;
	unsigned short seed[KEYSIZE/BASEBITS + 1];
	char *xkey;

	(void)BN_zero(pk);
	(void)BN_zero(sk);
	(void)BN_set_word(base, BASE);
	(void)BN_set_word(root, PROOT);
	(void)BN_hex2bn(&modulus, HEXMODULUS);

	getseed((char *)seed, sizeof(seed));	
	for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
		r = seed[i] % BASE;
		(void)BN_set_word(tmp, r);
		BN_mul(sk, tmp, sk, ctx);
		BN_add(sk, tmp, sk);
	}

	(void)BN_zero(tmp);
	BN_div(tmp, sk, sk, modulus, ctx);
	BN_mod_exp(pk, root, sk, modulus, ctx);

	xkey = BN_bn2hex(sk);	
	adjust(secret, xkey);
	xkey = BN_bn2hex(pk);
	adjust(public, xkey);

	BN_CTX_free(ctx);
	BN_free(sk);
	BN_free(base);
	BN_free(pk);
	BN_free(tmp);
	BN_free(root);
	BN_free(modulus);
} 

/*
 * Adjust the input key so that it is 0-filled on the left
 */
static void
adjust(char *keyout, const char *keyin)
{
	const char *p;
	char *s;

	for (p = keyin; *p; p++) 
		continue;
	for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--)
		*s = *p;
	while (s >= keyout)
		*s-- = '0';
}

static const char hextab[] = "0123456789ABCDEF";

/* given a DES key, cbc encrypt and translate input to terminated hex */
void
pk_encode(const char *in, char *out, DesData *key)
{
	char buf[256];
	DesData i;
	des_key_schedule k;
	size_t l, op, deslen;

	(void)memset(&i, 0, sizeof(i));
	(void)memset(buf, 0, sizeof(buf));
	deslen = ((strlen(in) + 7) / 8) * 8;
	des_key_sched(key, k);
	des_cbc_encrypt(in, buf, deslen, k, &i, DES_ENCRYPT);
	for (l = 0, op = 0; l < deslen; l++) {
		out[op++] = hextab[(buf[l] & 0xf0) >> 4];
		out[op++] = hextab[(buf[l] & 0x0f)];
	}
	out[op] = '\0';
}

/* given a DES key, translate input from hex and decrypt */
void
pk_decode(const char *in, char *out, DesData *key)
{
	char buf[256];
	DesData i;
	des_key_schedule k;
	int n1, n2, op;
	size_t l;
	size_t len = strlen(in) / 2;

	(void)memset(&i, 0, sizeof(i));
	(void)memset(buf, 0, sizeof(buf));

	for (l = 0, op = 0; l < len; l++, op += 2) {
		if (in[op] > '9')
			n1 = in[op] - 'A' + 10;
		else
			n1 = in[op] - '0';
		if (in[op + 1] > '9')
			n2 = in[op + 1] - 'A' + 10;
		else
			n2 = in[op + 1] - '0';
		buf[l] = (char)(n1 * 16 + n2);
	}
	des_key_sched(key, k);
	des_cbc_encrypt(buf, out, len, k, &i, DES_DECRYPT);
	out[len] = '\0';
}