diff options
| -rw-r--r-- | CHANGES | 6 | ||||
| -rw-r--r-- | appl/cmd/auth/createsignerkey.b | 4 | ||||
| -rw-r--r-- | dis/auth/createsignerkey.dis | bin | 2365 -> 2365 bytes | |||
| -rw-r--r-- | include/mp.h | 2 | ||||
| -rw-r--r-- | libinterp/ipint.c | 136 | ||||
| -rw-r--r-- | libinterp/keyring.c | 94 | ||||
| -rw-r--r-- | libkeyring/dsaalg.c | 4 | ||||
| -rw-r--r-- | libkeyring/egalg.c | 4 | ||||
| -rw-r--r-- | libkeyring/keys.h | 12 | ||||
| -rw-r--r-- | libkeyring/rsaalg.c | 14 |
10 files changed, 105 insertions, 171 deletions
@@ -1,3 +1,9 @@ +20080611 + Keyring->dhparams to use DSAprimes in special case + IPint.random now ignores minint (will go next revision) + BigInt -> mpint* + checkIPint in libinterp/ipint.c + default keys in auth/createsignerkey are 1024 not 512 bits 20080610 push sh-mload(1) and changes to sh-expr(1) 20080609 diff --git a/appl/cmd/auth/createsignerkey.b b/appl/cmd/auth/createsignerkey.b index 90a54b6f..e7b22c50 100644 --- a/appl/cmd/auth/createsignerkey.b +++ b/appl/cmd/auth/createsignerkey.b @@ -16,10 +16,10 @@ include "arg.m"; SKexpire: con 0; # size in bits of modulus for public keys -PKmodlen: con 512; +PKmodlen: con 1024; # size in bits of modulus for diffie hellman -DHmodlen: con 512; +DHmodlen: con 1024; algs := array[] of {"rsa", "elgamal"}; # first entry is default diff --git a/dis/auth/createsignerkey.dis b/dis/auth/createsignerkey.dis Binary files differindex 877881f0..6711d832 100644 --- a/dis/auth/createsignerkey.dis +++ b/dis/auth/createsignerkey.dis diff --git a/include/mp.h b/include/mp.h index 5f924a37..3eb020ef 100644 --- a/include/mp.h +++ b/include/mp.h @@ -137,5 +137,3 @@ void crtresfree(CRTres*); #pragma varargck type "B" mpint* #pragma varargck type "U" mpint* - -typedef mpint *BigInt; diff --git a/libinterp/ipint.c b/libinterp/ipint.c index 94f4acc0..968540af 100644 --- a/libinterp/ipint.c +++ b/libinterp/ipint.c @@ -9,30 +9,36 @@ #include "../libkeyring/keys.h" #include "raise.h" -enum { - PSEUDO=0, - REALLY, -}; - -void getRandBetween(BigInt p, BigInt q, BigInt result, int type); - extern Type *TIPint; -#define MP(x) (((IPint*)(x))->b) +#define MP(x) checkIPint((x)) Keyring_IPint* -newIPint(BigInt b) +newIPint(mpint* b) { Heap *h; IPint *ip; if(b == nil) error(exHeap); - h = heap(TIPint); /* TO DO: loss if heap fails */ + h = heap(TIPint); /* TO DO: caller might lose other values if heap raises error here */ ip = H2D(IPint*, h); ip->b = b; return (Keyring_IPint*)ip; } +mpint* +checkIPint(Keyring_IPint *v) +{ + IPint *ip; + + ip = (IPint*)v; + if(ip == H || ip == nil) + error(exNilref); + if(D2H(ip)->t != TIPint) + error(exType); + return ip->b; +} + void freeIPint(Heap *h, int swept) { @@ -49,7 +55,7 @@ void IPint_iptob64z(void *fp) { F_IPint_iptob64 *f; - BigInt b; + mpint *b; char buf[MaxBigBytes]; /* TO DO: should allocate these */ uchar *p; int n, o; @@ -154,7 +160,7 @@ static Keyring_IPint* strtoipint(String *s, int base) { char *p, *q; - BigInt b; + mpint *b; p = string2c(s); b = strtomp(p, &q, base, nil); @@ -185,7 +191,7 @@ void IPint_bytestoip(void *fp) { F_IPint_bytestoip *f; - BigInt b; + mpint *b; f = fp; destroy(*f->ret); @@ -202,7 +208,7 @@ void IPint_bebytestoip(void *fp) { F_IPint_bebytestoip *f; - BigInt b; + mpint *b; f = fp; destroy(*f->ret); @@ -232,24 +238,17 @@ void IPint_random(void *fp) { F_IPint_random *f; - BigInt b, min, max; + mpint *b; + void *v; f = fp; - destroy(*f->ret); + v = *f->ret; *f->ret = H; + destroy(v); - b = itomp(1, nil); - min = mpnew(0); - max = mpnew(0); - mpleft(b, f->minbits, min); - mpleft(b, f->maxbits, max); - release(); - getRandBetween(min, max, b, PSEUDO); /* TO DO */ + b = mprand(f->maxbits, genrandom, nil); acquire(); - - mpfree(min); - mpfree(max); *f->ret = newIPint(b); } @@ -301,7 +300,7 @@ void IPint_expmod(void *fp) { F_IPint_expmod *f; - BigInt ret, mod; + mpint *ret, *mod; f = fp; destroy(*f->ret); @@ -324,7 +323,7 @@ void IPint_invert(void *fp) { F_IPint_invert *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -341,7 +340,7 @@ void IPint_add(void *fp) { F_IPint_add *f; - BigInt i1, i2, ret; + mpint *i1, *i2, *ret; f = fp; destroy(*f->ret); @@ -362,7 +361,7 @@ void IPint_sub(void *fp) { F_IPint_sub *f; - BigInt i1, i2, ret; + mpint *i1, *i2, *ret; f = fp; destroy(*f->ret); @@ -383,7 +382,7 @@ void IPint_mul(void *fp) { F_IPint_mul *f; - BigInt i1, i2, ret; + mpint *i1, *i2, *ret; f = fp; destroy(*f->ret); @@ -404,7 +403,7 @@ void IPint_div(void *fp) { F_IPint_div *f; - BigInt i1, i2, quo, rem; + mpint *i1, *i2, *quo, *rem; f = fp; destroy(f->ret->t0); @@ -434,7 +433,7 @@ void IPint_mod(void *fp) { F_IPint_mod *f; - BigInt i1, i2, ret; + mpint *i1, *i2, *ret; f = fp; destroy(*f->ret); @@ -455,7 +454,7 @@ void IPint_neg(void *fp) { F_IPint_neg *f; - BigInt i, ret; + mpint *i, *ret; f = fp; destroy(*f->ret); @@ -525,7 +524,7 @@ void IPint_shl(void *fp) { F_IPint_shl *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -543,7 +542,7 @@ void IPint_shr(void *fp) { F_IPint_shr *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -647,7 +646,7 @@ void IPint_and(void *fp) { F_IPint_and *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -665,7 +664,7 @@ void IPint_ori(void *fp) { F_IPint_ori *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -683,7 +682,7 @@ void IPint_xor(void *fp) { F_IPint_xor *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -701,7 +700,7 @@ void IPint_not(void *fp) { F_IPint_not *f; - BigInt ret; + mpint *ret; f = fp; destroy(*f->ret); @@ -714,60 +713,3 @@ IPint_not(void *fp) mpnot(MP(f->i1), ret); *f->ret = newIPint(ret); } - -/* - * return a random number between a and b - */ -void -getRandBetween(BigInt p, BigInt q, BigInt result, int type) -{ - BigInt T, slop, r, diff, one, two; - int length; - -if(0)print("1"); - diff = mpnew(0); - one = itomp(1, nil); - - /* smaller in p, larger in q */ - if (mpcmp(p, q) > 0) { - T = p; p = q; q = T; - } - - mpsub(q, p, diff); - - two = itomp(2, nil); - if(mpcmp(diff, two) < 0){ - mpfree(one); - mpfree(two); - itomp(0, result); - return; - } - mpfree(two); - - /* generate a random number between 0 and diff */ - T = mpnew(0); - slop = mpnew(0); - mpleft(one, mpsignif(diff), T); - length = mpsignif(T); - - mpmod(T, diff, slop); - mpfree(T); - - r = mpnew(0); - do { -if(0)print("3"); - mprand(length, type == PSEUDO? prng: genrandom, r); -if(0)print("4"); - } while (mpcmp(r, slop) < 0); - mpfree(slop); - - mpmod(r, diff, result); - mpfree(r); - mpfree(diff); - mpfree(one); - - /* add smaller number back in */ - mpadd(result, p, result); - -if(0)print("2"); -} diff --git a/libinterp/keyring.c b/libinterp/keyring.c index 57a2095d..b0f0a0fa 100644 --- a/libinterp/keyring.c +++ b/libinterp/keyring.c @@ -15,7 +15,6 @@ enum { PSEUDO=0, REALLY, }; -void getRandBetween(BigInt p, BigInt q, BigInt result, int type); Type *TSigAlg; Type *TCertificate; @@ -69,7 +68,8 @@ PK* checkPK(Keyring_PK *k); extern void setid(char*, int); extern vlong osusectime(void); -extern Keyring_IPint* newIPint(BigInt); +extern Keyring_IPint* newIPint(mpint*); +extern mpint* checkIPint(Keyring_IPint*); extern void freeIPint(Heap*, int); static char exBadSA[] = "bad signature algorithm"; @@ -92,7 +92,7 @@ struct XBFstate /* convert a Big to base64 ascii */ int -bigtobase64(BigInt b, char *buf, int len) +bigtobase64(mpint* b, char *buf, int len) { uchar *p; int n, rv, o; @@ -129,11 +129,11 @@ Err: int big64conv(Fmt *f) { - BigInt b; + mpint *b; char *buf; int n; - b = va_arg(f->args, BigInt); + b = va_arg(f->args, mpint*); n = (b->top+1)*Dbytes + 1; n = ((n+3)/3)*4 + 1; buf = malloc(n); @@ -143,19 +143,6 @@ big64conv(Fmt *f) return n; } -static BigInt -checkIPint(Keyring_IPint *v) -{ - IPint *ip; - - ip = (IPint*)v; - if(ip == H || ip == nil) - error(exNilref); - if(D2H(ip)->t != TIPint) - error(exType); - return ip->b; -} - static void* newthing(Type *t, int add) { @@ -168,7 +155,7 @@ newthing(Type *t, int add) } static Keyring_IPint* -ipcopymp(BigInt b) +ipcopymp(mpint* b) { if(b == nil) return H; @@ -176,12 +163,12 @@ ipcopymp(BigInt b) } /* convert a base64 string to a big */ -BigInt +mpint* base64tobig(char *str, char **strp) { int n; char *p; - BigInt b; + mpint *b; uchar hex[(MaxBigBytes*6 + 7)/8]; for(p = str; *p && *p != '\n'; p++) @@ -400,7 +387,7 @@ Keyring_genSKfromPK(void *fp) acquire(); } -/* converts a sequence of newline-separated base64-encoded BigInts to attr=hexval ... in f */ +/* converts a sequence of newline-separated base64-encoded mpints to attr=hexval ... in f */ static char* bigs2attr(Fmt *f, char *bigs, char **names) { @@ -900,7 +887,7 @@ static Certificate* sign(SK *sk, char *ha, ulong exp, uchar *a, int len) { Certificate *c; - BigInt b; + mpint *b; int n; SigAlg *sa; DigestState *ds; @@ -956,7 +943,7 @@ Keyring_sign(void *fp) { F_Keyring_sign *f; Certificate *c; - BigInt b; + mpint *b; int n; SigAlg *sa; SK *sk; @@ -1015,7 +1002,7 @@ Keyring_signm(void *fp) { F_Keyring_signm *f; Certificate *c; - BigInt b; + mpint *b; SigAlg *sa; SK *sk; void *v; @@ -1043,7 +1030,7 @@ Keyring_signm(void *fp) static int verify(PK *pk, Certificate *c, char *a, int len) { - BigInt b; + mpint *b; int n; SigAlg *sa, *pksa; DigestState *ds; @@ -1096,7 +1083,7 @@ Keyring_verify(void *fp) { F_Keyring_verify *f; Certificate *c; - BigInt b; + mpint *b; int n; SigAlg *sa, *pksa; PK *pk; @@ -1352,21 +1339,25 @@ void Keyring_dhparams(void *fp) { F_Keyring_dhparams *f; - EGpriv *egp; - BigInt p, alpha; + mpint *p, *alpha; + void *v; f = fp; - destroy(f->ret->t0); + v = f->ret->t0; f->ret->t0 = H; - destroy(f->ret->t1); + destroy(v); + v = f->ret->t1; f->ret->t1 = H; + destroy(v); + p = mpnew(0); + alpha = mpnew(0); release(); - egp = eggen(f->nbits, 0); + if(f->nbits == 1024) + DSAprimes(alpha, p, nil); + else + gensafeprime(p, alpha, f->nbits, 0); acquire(); - p = mpcopy(egp->pub.p); - alpha = mpcopy(egp->pub.alpha); - egprivfree(egp); f->ret->t0 = newIPint(alpha); f->ret->t1 = newIPint(p); } @@ -1548,7 +1539,7 @@ void Keyring_auth(void *fp) { F_Keyring_auth *f; - BigInt r0, r1, p, alpha, alphar0, alphar1, alphar0r1, low; + mpint *r0, *r1, *p, *alpha, *alphar0, *alphar1, *alphar0r1; SK *mysk; PK *mypk, *spk, *hispk; Certificate *cert, *hiscert, *alphacert; @@ -1568,7 +1559,7 @@ Keyring_auth(void *fp) f->ret->t0 = H; destroy(f->ret->t1); f->ret->t1 = H; - low = r0 = r1 = alphar0 = alphar1 = alphar0r1 = nil; + r0 = r1 = alphar0 = alphar1 = alphar0r1 = nil; /* check args */ if(f->fd == H || f->fd->fd < 0){ @@ -1636,15 +1627,14 @@ Keyring_auth(void *fp) } /* get alpha and p */ - p = ((IPint*)f->info->p)->b; - alpha = ((IPint*)f->info->alpha)->b; + p = checkIPint(f->info->p); + alpha = checkIPint(f->info->alpha); if(p->sign == -1) { err = "-ve modulus"; goto out; } - low = mpnew(0); r0 = mpnew(0); r1 = mpnew(0); alphar0 = mpnew(0); @@ -1653,8 +1643,7 @@ Keyring_auth(void *fp) /* generate alpha**r0 */ if(0)print("X"); release(); - mpright(p, mpsignif(p)/4, low); - getRandBetween(low, p, r0, PSEUDO); + mprand(mpsignif(p), genrandom, r0); mpexp(alpha, r0, p, alphar0); acquire(); if(0)print("Y"); @@ -1842,8 +1831,7 @@ out: destroy(alphacert); } free(buf); - if(low != nil){ - mpfree(low); + if(r0 != nil){ mpfree(r0); mpfree(r1); mpfree(alphar0); @@ -1949,7 +1937,7 @@ Keyring_readauthinfo(void *fp) SK *mysk; SigAlg *sa; Keyring_Authinfo *ai; - BigInt b; + mpint *b; f = fp; destroy(*f->ret); @@ -2704,7 +2692,7 @@ DSAsk_sign(void *fp) F_DSAsk_sign *f; Keyring_DSAsig *sig; DSApriv p; - BigInt m; + mpint *m; DSAsig *s; void *v; @@ -2730,7 +2718,7 @@ DSApk_verify(void *fp) F_DSApk_verify *f; DSApub p; DSAsig sig; - BigInt m; + mpint *m; f = fp; *f->ret = 0; @@ -2808,7 +2796,7 @@ EGsk_sign(void *fp) F_EGsk_sign *f; Keyring_EGsig *sig; EGpriv p; - BigInt m; + mpint *m; EGsig *s; void *v; @@ -2834,7 +2822,7 @@ EGpk_verify(void *fp) F_EGpk_verify *f; EGpub p; EGsig sig; - BigInt m; + mpint *m; f = fp; *f->ret = 0; @@ -2894,7 +2882,7 @@ RSApk_encrypt(void *fp) { F_RSApk_encrypt *f; RSApub p; - BigInt m, o; + mpint *m, *o; void *v; f = fp; @@ -2968,7 +2956,7 @@ RSAsk_decrypt(void *fp) { F_RSAsk_decrypt *f; RSApriv p; - BigInt m, o; + mpint *m, *o; void *v; f = fp; @@ -2990,7 +2978,7 @@ RSAsk_sign(void *fp) F_RSAsk_sign *f; Keyring_RSAsig *sig; RSApriv p; - BigInt m, s; + mpint *m, *s; void *v; f = fp; @@ -3012,7 +3000,7 @@ RSApk_verify(void *fp) { F_RSApk_verify *f; RSApub p; - BigInt sig, m, t; + mpint *sig, *m, *t; f = fp; *f->ret = 0; diff --git a/libkeyring/dsaalg.c b/libkeyring/dsaalg.c index f94647bd..2af1edc9 100644 --- a/libkeyring/dsaalg.c +++ b/libkeyring/dsaalg.c @@ -154,13 +154,13 @@ dsa_freesig(void *a) } static void* -dsa_sign(BigInt md, void *key) +dsa_sign(mpint* md, void *key) { return dsasign((DSApriv*)key, md); } static int -dsa_verify(BigInt md, void *sig, void *key) +dsa_verify(mpint* md, void *sig, void *key) { return dsaverify((DSApub*)key, (DSAsig*)sig, md) == 0; } diff --git a/libkeyring/egalg.c b/libkeyring/egalg.c index 98567c95..3a914d0f 100644 --- a/libkeyring/egalg.c +++ b/libkeyring/egalg.c @@ -145,13 +145,13 @@ eg_genfrompk(void *vpub) } static void* -eg_sign(BigInt mp, void *key) +eg_sign(mpint* mp, void *key) { return egsign((EGpriv*)key, mp); } static int -eg_verify(BigInt mp, void *sig, void *key) +eg_verify(mpint* mp, void *sig, void *key) { return egverify((EGpub*)key, (EGsig*)sig, mp) == 0; } diff --git a/libkeyring/keys.h b/libkeyring/keys.h index fc57fd5c..ff1eb149 100644 --- a/libkeyring/keys.h +++ b/libkeyring/keys.h @@ -20,7 +20,7 @@ enum struct IPint { Keyring_IPint x; - BigInt b; + mpint* b; }; /* generic certificate */ @@ -98,8 +98,8 @@ struct SigAlgVec { void* (*gensk)(int); void* (*genskfrompk)(void*); - void* (*sign)(BigInt, void*); - int (*verify)(BigInt, void*, void*); + void* (*sign)(mpint*, void*); + int (*verify)(mpint*, void*, void*); void (*skfree)(void*); void (*pkfree)(void*); @@ -112,7 +112,7 @@ struct SigAlg SigAlgVec *vec; }; -int bigtobase64(BigInt b, char *buf, int blen); -BigInt base64tobig(char *str, char **strp); +int bigtobase64(mpint* b, char *buf, int blen); +mpint* base64tobig(char *str, char **strp); SigAlgVec* findsigalg(char*); -Keyring_IPint* newIPint(BigInt); +Keyring_IPint* newIPint(mpint*); diff --git a/libkeyring/rsaalg.c b/libkeyring/rsaalg.c index 3a1d8ae1..44c3c262 100644 --- a/libkeyring/rsaalg.c +++ b/libkeyring/rsaalg.c @@ -50,7 +50,7 @@ rsa_str2pk(char *str, char **strp) static void* rsa_str2sig(char *str, char **strp) { - BigInt rsa; + mpint *rsa; char *p; rsa = base64tobig(str, &p); @@ -101,7 +101,7 @@ rsa_pk2str(void *vrsa, char *buf, int len) static int rsa_sig2str(void *vrsa, char *buf, int len) { - BigInt rsa; + mpint *rsa; char *cp, *ep; rsa = vrsa; @@ -145,18 +145,18 @@ rsa_genfrompk(void *vpub) } static void* -rsa_sign(BigInt m, void *key) +rsa_sign(mpint* m, void *key) { return rsadecrypt((RSApriv*)key, m, nil); } static int -rsa_verify(BigInt m, void *sig, void *key) +rsa_verify(mpint* m, void *sig, void *key) { - BigInt t; + mpint *t; int r; - t = rsaencrypt((RSApub*)key, (BigInt)sig, nil); + t = rsaencrypt((RSApub*)key, (mpint*)sig, nil); r = mpcmp(t, m) == 0; mpfree(t); return r; @@ -177,7 +177,7 @@ rsa_freepub(void *a) static void rsa_freesig(void *a) { - mpfree((BigInt)a); + mpfree(a); } SigAlgVec* |