1 /*-
2 * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25 #include "config.h"
26
27 #include <sys/types.h>
28 #include <sys/syslog.h>
29
30 #ifdef _KERNEL
31 # include <sys/kmem.h>
32 #else
33 # include <stdio.h>
34 # include <stdlib.h>
35 # include <string.h>
36 # include <unistd.h>
37 #endif
38
39 #include "misc.h"
40 #include "digest.h"
41 #include "rsa.h"
42
43 #ifndef USE_ARG
44 #define USE_ARG(x) /*LINTED*/(void)&(x)
45 #endif
46
47 #define RSA_MAX_MODULUS_BITS 16384
48 #define RSA_SMALL_MODULUS_BITS 3072
49 #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
50
51 static int
rsa_padding_check_none(uint8_t * to,int tlen,const uint8_t * from,int flen,int num)52 rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num)
53 {
54 USE_ARG(num);
55 if (flen > tlen) {
56 printf("r too large\n");
57 return -1;
58 }
59 (void) memset(to, 0x0, tlen - flen);
60 (void) memcpy(to + tlen - flen, from, flen);
61 return tlen;
62 }
63
64 static int
lowlevel_rsa_private_encrypt(int plainc,const unsigned char * plain,unsigned char * encbuf,RSA * rsa)65 lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa)
66 {
67 BIGNUM *decbn;
68 BIGNUM *signedbn;
69 uint8_t *decbuf;
70 int nbytes;
71 int signc;
72 int signedbytes;
73 int r;
74
75 decbuf = NULL;
76 r = -1;
77 decbn = BN_new();
78 signedbn = BN_new();
79 nbytes = BN_num_bytes(rsa->n);
80 decbuf = netpgp_allocate(1, nbytes);
81 /* add no padding */
82 memcpy(decbuf, plain, plainc);
83 BN_bin2bn(decbuf, nbytes, decbn);
84 if (BN_cmp(decbn, rsa->n) >= 0) {
85 printf("decbn too big\n");
86 goto err;
87 }
88 if (!BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) {
89 printf("bad mod_exp\n");
90 goto err;
91 }
92 signedbytes = BN_num_bytes(signedbn);
93 signc = BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]);
94 memset(encbuf, 0x0, nbytes - signc);
95 r = nbytes;
96 err:
97 netpgp_deallocate(decbuf, nbytes);
98 BN_clear_free(decbn);
99 BN_clear_free(signedbn);
100 return r;
101 }
102
103 static int
lowlevel_rsa_public_encrypt(int plainc,const unsigned char * plain,unsigned char * encbuf,RSA * rsa)104 lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa)
105 {
106 BIGNUM *decbn;
107 BIGNUM *encbn;
108 uint8_t *decbuf;
109 int nbytes;
110 int encc;
111 int r;
112 int i;
113
114 r = -1;
115 decbn = BN_new();
116 encbn = BN_new();
117 nbytes = BN_num_bytes(rsa->n);
118 decbuf = netpgp_allocate(1, nbytes);
119 (void) memcpy(decbuf, plain, plainc);
120 if (BN_bin2bn(decbuf, nbytes, decbn) == NULL) {
121 printf("bin2bn failed\n");
122 goto err;
123 }
124 if (BN_cmp(decbn, rsa->n) >= 0) {
125 printf("BN_cmp failed\n");
126 goto err;
127 }
128 if (!BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) {
129 printf("BN_mod_exp failed\n");
130 goto err;
131 }
132 encc = BN_num_bytes(encbn);
133 i = BN_bn2bin(encbn, &encbuf[nbytes - encc]);
134 (void) memset(encbuf, 0x0, nbytes - i);
135 r = nbytes;
136 err:
137 if (decbuf) {
138 memset(decbuf, 0x0, nbytes);
139 netpgp_deallocate(decbuf, nbytes);
140 }
141 BN_clear_free(decbn);
142 BN_clear_free(encbn);
143 return r;
144 }
145
146 static int
lowlevel_rsa_private_decrypt(int enclen,const unsigned char * encbuf,unsigned char * to,RSA * rsa)147 lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned char *to, RSA *rsa)
148 {
149 BIGNUM *encbn;
150 BIGNUM *decbn;
151 uint8_t *buf;
152 int nbytes;
153 int j;
154 int r;
155
156 r = -1;
157 decbn = encbn = NULL;
158 buf = NULL;
159 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
160 return -1;
161 }
162 if (BN_cmp(rsa->n, rsa->e) <= 0) {
163 return -1;
164 }
165 encbn = BN_new();
166 decbn = BN_new();
167 nbytes = BN_num_bytes(rsa->n);
168 buf = netpgp_allocate(1, nbytes);
169 if (enclen > nbytes) {
170 printf("bad enclen\n");
171 goto err;
172 }
173 BN_bin2bn(encbuf, enclen, encbn);
174 if (BN_cmp(encbn, rsa->n) >= 0) {
175 printf("bad encbn\n");
176 goto err;
177 }
178 BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL);
179 j = BN_bn2bin(decbn, buf);
180 r = rsa_padding_check_none(to, nbytes, buf, j, nbytes);
181 err:
182 BN_clear_free(encbn);
183 BN_clear_free(decbn);
184 netpgp_deallocate(buf, nbytes);
185 return r;
186 }
187
188 static int
lowlevel_rsa_public_decrypt(const uint8_t * encbuf,int enclen,uint8_t * dec,const rsa_pubkey_t * rsa)189 lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa)
190 {
191 uint8_t *decbuf;
192 BIGNUM *decbn;
193 BIGNUM *encbn;
194 int decbytes;
195 int nbytes;
196 int r;
197
198 nbytes = 0;
199 r = -1;
200 decbuf = NULL;
201 decbn = encbn = NULL;
202 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
203 printf("rsa r modulus too large\n");
204 goto err;
205 }
206 if (BN_cmp(rsa->n, rsa->e) <= 0) {
207 printf("rsa r bad n value\n");
208 goto err;
209 }
210 if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
211 BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
212 printf("rsa r bad exponent limit\n");
213 goto err;
214 }
215 if ((encbn = BN_new()) == NULL ||
216 (decbn = BN_new()) == NULL ||
217 (decbuf = netpgp_allocate(1, nbytes = BN_num_bytes(rsa->n))) == NULL) {
218 printf("allocation failure\n");
219 goto err;
220 }
221 if (enclen > nbytes) {
222 printf("rsa r > mod len\n");
223 goto err;
224 }
225 if (BN_bin2bn(encbuf, enclen, encbn) == NULL) {
226 printf("null encrypted BN\n");
227 goto err;
228 }
229 if (BN_cmp(encbn, rsa->n) >= 0) {
230 printf("rsa r data too large for modulus\n");
231 goto err;
232 }
233 if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
234 printf("BN_mod_exp < 0\n");
235 goto err;
236 }
237 decbytes = BN_num_bytes(decbn);
238 (void) BN_bn2bin(decbn, decbuf);
239 if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) {
240 printf("rsa r padding check failed\n");
241 }
242 err:
243 BN_free(encbn);
244 BN_free(decbn);
245 if (decbuf != NULL) {
246 (void) memset(decbuf, 0x0, nbytes);
247 netpgp_deallocate(decbuf, nbytes);
248 }
249 return r;
250 }
251
252 #if 0
253 /**
254 @file rsa_make_key.c
255 RSA key generation, Tom St Denis
256 */
257
258 /**
259 Create an RSA key
260 @param prng An active PRNG state
261 @param wprng The index of the PRNG desired
262 @param size The size of the modulus (key size) desired (octets)
263 @param e The "e" value (public key). e==65537 is a good choice
264 @param key [out] Destination of a newly created private key pair
265 @return CRYPT_OK if successful, upon error all allocated ram is freed
266 */
267 static int
268 rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
269 {
270 void *p, *q, *tmp1, *tmp2, *tmp3;
271 int err;
272
273 LTC_ARGCHK(ltc_mp.name != NULL);
274 LTC_ARGCHK(key != NULL);
275
276 if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
277 return CRYPT_INVALID_KEYSIZE;
278 }
279
280 if ((e < 3) || ((e & 1) == 0)) {
281 return CRYPT_INVALID_ARG;
282 }
283
284 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
285 return err;
286 }
287
288 if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) {
289 return err;
290 }
291
292 /* make primes p and q (optimization provided by Wayne Scott) */
293 /* tmp3 = e */
294 if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) {
295 goto errkey;
296 }
297
298 /* make prime "p" */
299 do {
300 if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) {
301 goto errkey;
302 }
303 /* tmp1 = p-1 */
304 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) {
305 goto errkey;
306 }
307 /* tmp2 = gcd(p-1, e) */
308 if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) {
309 goto errkey;
310 }
311 } while (mp_cmp_d( tmp2, 1) != 0);
312 /* while e divides p-1 */
313
314 /* make prime "q" */
315 do {
316 if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) {
317 goto errkey;
318 }
319 /* tmp1 = q-1 */
320 if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) {
321 goto errkey;
322 }
323 /* tmp2 = gcd(q-1, e) */
324 if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) {
325 goto errkey;
326 }
327 } while (mp_cmp_d( tmp2, 1) != 0);
328 /* while e divides q-1 */
329
330 /* tmp1 = lcm(p-1, q-1) */
331 /* tmp2 = p-1 */
332 if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) {
333 goto errkey;
334 }
335 /* tmp1 = q-1 (previous do/while loop) */
336 /* tmp1 = lcm(p-1, q-1) */
337 if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) {
338 goto errkey;
339 }
340
341 /* make key */
342 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
343 goto errkey;
344 }
345
346 /* key->e = e */
347 if ((err = mp_set_int( key->e, e)) != CRYPT_OK) {
348 goto errkey;
349 }
350 /* key->d = 1/e mod lcm(p-1,q-1) */
351 if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) {
352 goto errkey;
353 }
354 /* key->N = pq */
355 if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) {
356 goto errkey;
357 }
358
359 /* optimize for CRT now */
360 /* find d mod q-1 and d mod p-1 */
361 /* tmp1 = q-1 */
362 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) {
363 goto errkey;
364 }
365 /* tmp2 = p-1 */
366 if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) {
367 goto errkey;
368 }
369 /* dP = d mod p-1 */
370 if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) {
371 goto errkey;
372 }
373 /* dQ = d mod q-1 */
374 if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) {
375 goto errkey;
376 }
377 /* qP = 1/q mod p */
378 if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) {
379 got oerrkey;
380 }
381
382 if ((err = mp_copy( p, key->p)) != CRYPT_OK) {
383 goto errkey;
384 }
385 if ((err = mp_copy( q, key->q)) != CRYPT_OK) {
386 goto errkey;
387 }
388
389 /* set key type (in this case it's CRT optimized) */
390 key->type = PK_PRIVATE;
391
392 /* return ok and free temps */
393 err = CRYPT_OK;
394 goto cleanup;
395 errkey:
396 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
397 cleanup:
398 mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL);
399 return err;
400 }
401 #endif
402
403 #define HASHBUF_LEN 512
404
405 #define DSA_MAX_MODULUS_BITS 10000
406
407 static int
dsa_do_verify(const unsigned char * calculated,int dgst_len,const dsasig_t * sig,mpi_dsa_t * dsa)408 dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig, mpi_dsa_t *dsa)
409 {
410 BIGNUM *M;
411 BIGNUM *W;
412 BIGNUM *t1;
413 int ret = -1;
414 int qbits;
415
416 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
417 return 0;
418 }
419 M = W = t1 = NULL;
420 qbits = BN_num_bits(dsa->q);
421 switch(qbits) {
422 case 160:
423 case 224:
424 case 256:
425 /* openssl sources say these are the valid values */
426 /* according to FIPS 186-3 */
427 break;
428 default:
429 printf("dsa: bad # of Q bits\n");
430 return 0;
431 }
432 if (BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) {
433 printf("dsa: p too large\n");
434 return 0;
435 }
436 /* no love for SHA512? */
437 if (dgst_len > SHA256_DIGEST_LENGTH) {
438 printf("dsa: digest too long\n");
439 return 0;
440 }
441 ret = 0;
442 if ((M = BN_new()) == NULL ||
443 (W = BN_new()) == NULL ||
444 (t1 = BN_new()) == NULL) {
445 goto err;
446 }
447 if (BN_is_zero(sig->r) ||
448 BN_is_negative(sig->r) ||
449 BN_cmp(sig->r, dsa->q) >= 0) {
450 goto err;
451 }
452 if (BN_is_zero(sig->s) ||
453 BN_is_negative(sig->s) ||
454 BN_cmp(sig->s, dsa->q) >= 0) {
455 goto err;
456 }
457 if (BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) {
458 goto err;
459 }
460 if (dgst_len > qbits / 8) {
461 dgst_len = qbits / 8;
462 }
463 if (BN_bin2bn(calculated, dgst_len, M) == NULL) {
464 goto err;
465 }
466 if (!BN_mod_mul(M, M, W, dsa->q, NULL)) {
467 goto err;
468 }
469 if (!BN_mod_mul(W, sig->r, W, dsa->q, NULL)) {
470 goto err;
471 }
472 if (!BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) {
473 goto err;
474 }
475 if (!BN_div(NULL, M, t1, dsa->q, NULL)) {
476 goto err;
477 }
478 ret = (BN_cmp(M, sig->r) == 0);
479 err:
480 if (M) {
481 BN_free(M);
482 }
483 if (W) {
484 BN_free(W);
485 }
486 if (t1) {
487 BN_free(t1);
488 }
489 return ret;
490 }
491
492 /*************************************************************************/
493
494 int
RSA_size(const RSA * rsa)495 RSA_size(const RSA *rsa)
496 {
497 return (rsa == NULL) ? 0 : BN_num_bits(rsa->n);
498 }
499
500 int
DSA_size(const DSA * dsa)501 DSA_size(const DSA *dsa)
502 {
503 return (dsa == NULL) ? 0 : BN_num_bits(dsa->p);
504 }
505
506 unsigned
dsa_verify(const signature_t * signature,const dsa_pubkey_t * pubdsa,const uint8_t * calculated,size_t hash_length)507 dsa_verify(const signature_t *signature, const dsa_pubkey_t *pubdsa, const uint8_t *calculated, size_t hash_length)
508 {
509 mpi_dsa_t odsa;
510 dsasig_t osig;
511 unsigned qlen;
512 int ret;
513
514 if (signature == NULL || pubdsa == NULL || calculated == NULL) {
515 return -1;
516 }
517 (void) memset(&osig, 0x0, sizeof(osig));
518 (void) memset(&odsa, 0x0, sizeof(odsa));
519 BN_copy(osig.r, signature->dsa.r);
520 BN_copy(osig.s, signature->dsa.s);
521 odsa.p = pubdsa->p;
522 odsa.q = pubdsa->q;
523 odsa.g = pubdsa->g;
524 odsa.pub_key = pubdsa->y;
525 if ((qlen = BN_num_bytes(odsa.q)) < hash_length) {
526 hash_length = qlen;
527 }
528 ret = dsa_do_verify(calculated, (int)hash_length, &signature->dsa, &odsa);
529 if (ret < 0) {
530 return 0;
531 }
532 BN_free(odsa.p);
533 BN_free(odsa.q);
534 BN_free(odsa.g);
535 BN_free(odsa.pub_key);
536 odsa.p = odsa.q = odsa.g = odsa.pub_key = NULL;
537 BN_free(osig.r);
538 BN_free(osig.s);
539 osig.r = osig.s = NULL;
540 return (unsigned)ret;
541 }
542
543 RSA *
RSA_new(void)544 RSA_new(void)
545 {
546 return netpgp_allocate(1, sizeof(RSA));
547 }
548
549 void
RSA_free(RSA * rsa)550 RSA_free(RSA *rsa)
551 {
552 if (rsa) {
553 netpgp_deallocate(rsa, sizeof(*rsa));
554 }
555 }
556
557 int
RSA_check_key(RSA * rsa)558 RSA_check_key(RSA *rsa)
559 {
560 BIGNUM *calcn;
561 int ret;
562
563 ret = 0;
564 if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->n == NULL) {
565 return -1;
566 }
567 /* check that p and q are coprime, and that n = p*q. */
568 if (!BN_is_prime(rsa->p, 1, NULL, NULL, NULL) ||
569 !BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) {
570 return 0;
571 }
572 calcn = BN_new();
573 BN_mul(calcn, rsa->p, rsa->q, NULL);
574 if (BN_cmp(calcn, rsa->n) != 0) {
575 goto errout;
576 }
577 /* XXX - check that d*e = 1 mod (p-1*q-1) */
578 ret = 1;
579 errout:
580 BN_clear_free(calcn);
581 return ret;
582 }
583
584 RSA *
RSA_generate_key(int num,unsigned long e,void (* callback)(int,int,void *),void * cb_arg)585 RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg)
586 {
587 /* STUBBED */
588 USE_ARG(num);
589 USE_ARG(e);
590 USE_ARG(callback);
591 USE_ARG(cb_arg);
592 printf("RSA_generate_key stubbed\n");
593 return RSA_new();
594 }
595
596 /* encrypt */
597 int
RSA_public_encrypt(int plainc,const unsigned char * plain,unsigned char * encbuf,RSA * rsa,int padding)598 RSA_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding)
599 {
600 USE_ARG(padding);
601 if (plain == NULL || encbuf == NULL || rsa == NULL) {
602 return -1;
603 }
604 return lowlevel_rsa_public_encrypt(plainc, plain, encbuf, rsa);
605 }
606
607 /* decrypt */
608 int
RSA_private_decrypt(int flen,const unsigned char * from,unsigned char * to,RSA * rsa,int padding)609 RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
610 {
611 USE_ARG(padding);
612 if (from == NULL || to == NULL || rsa == NULL) {
613 return -1;
614 }
615 return lowlevel_rsa_private_decrypt(flen, from, to, rsa);
616 }
617
618 /* sign */
619 int
RSA_private_encrypt(int plainc,const unsigned char * plain,unsigned char * encbuf,RSA * rsa,int padding)620 RSA_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding)
621 {
622 USE_ARG(padding);
623 if (plain == NULL || encbuf == NULL || rsa == NULL) {
624 return -1;
625 }
626 return lowlevel_rsa_private_encrypt(plainc, plain, encbuf, rsa);
627 }
628
629 /* verify */
630 int
RSA_public_decrypt(int enclen,const unsigned char * enc,unsigned char * dec,RSA * rsa,int padding)631 RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding)
632 {
633 rsa_pubkey_t pub;
634 int ret;
635
636 if (enc == NULL || dec == NULL || rsa == NULL) {
637 return 0;
638 }
639 USE_ARG(padding);
640 (void) memset(&pub, 0x0, sizeof(pub));
641 pub.n = BN_dup(rsa->n);
642 pub.e = BN_dup(rsa->e);
643 ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub);
644 BN_free(pub.n);
645 BN_free(pub.e);
646 return ret;
647 }
648
649 /***********************************************************************/
650
651 DSA *
DSA_new(void)652 DSA_new(void)
653 {
654 return netpgp_allocate(1, sizeof(DSA));
655 }
656
657 void
DSA_free(DSA * dsa)658 DSA_free(DSA *dsa)
659 {
660 if (dsa) {
661 netpgp_deallocate(dsa, sizeof(*dsa));
662 }
663 }
664
665 DSA_SIG *
DSA_SIG_new(void)666 DSA_SIG_new(void)
667 {
668 return netpgp_allocate(1, sizeof(DSA_SIG));
669 }
670
671 void
DSA_SIG_free(DSA_SIG * sig)672 DSA_SIG_free(DSA_SIG *sig)
673 {
674 if (sig) {
675 netpgp_deallocate(sig, sizeof(*sig));
676 }
677 }
678
679 DSA_SIG *
DSA_do_sign(const unsigned char * dgst,int dlen,DSA * dsa)680 DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
681 {
682 /* STUBBED */
683 USE_ARG(dgst);
684 USE_ARG(dlen);
685 USE_ARG(dsa);
686 printf("DSA_do_sign stubbed\n");
687 return DSA_SIG_new();
688 }
689
690 int
DSA_do_verify(const unsigned char * dgst,int dgst_len,DSA_SIG * sig,DSA * dsa)691 DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
692 {
693 if (dgst == NULL || dgst_len == 0 || sig == NULL || dsa == NULL) {
694 return -1;
695 }
696 return dsa_do_verify(dgst, dgst_len, sig, dsa);
697 }
698