2 * Copyright (c) 1991, 1993
3 * Dave Safford. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * $FreeBSD: src/crypto/telnet/libtelnet/pk.c,v 1.2.2.4 2002/08/24 07:28:35 nsayer Exp $
31 * $DragonFly: src/crypto/telnet/libtelnet/pk.c,v 1.3 2005/01/11 13:22:41 joerg Exp $
34 /* public key routines */
36 genkeys(char *public, char *secret)
37 common_key(char *secret, char *public, desData *deskey)
38 pk_encode(char *in, *out, DesData *deskey);
39 pk_decode(char *in, *out, DesData *deskey);
41 char public[HEXKEYBYTES + 1];
42 char secret[HEXKEYBYTES + 1];
52 #include <openssl/bn.h>
53 #include <openssl/crypto.h>
54 #include <openssl/des.h>
55 #include <openssl/err.h>
59 static void adjust(char keyout[HEXKEYBYTES+1], char *keyin);
62 * Choose top 128 bits of the common key to use as our idea key.
65 extractideakey(BIGNUM *ck, IdeaData *ideakey)
69 BN_ULONG r, base = (1 << 8);
72 if ((z = BN_new()) == NULL)
73 errx(1, "could not create BIGNUM");
75 if ((a = BN_new()) == NULL)
76 errx(1, "could not create BIGNUM");
79 for (i = 0; i < ((KEYSIZE - 128) / 8); i++) {
80 r = BN_div_word(a, base);
83 for (i = 0; i < 16; i++) {
84 r = BN_div_word(a, base);
92 * Choose middle 64 bits of the common key to use as our des key, possibly
93 * overwriting the lower order bits by setting parity.
96 extractdeskey(BIGNUM *ck, DesData *deskey)
100 BN_ULONG r, base = (1 << 8);
103 if ((z = BN_new()) == NULL)
104 errx(1, "could not create BIGNUM");
106 if ((a = BN_new()) == NULL)
107 errx(1, "could not create BIGNUM");
110 for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) {
111 r = BN_div_word(a, base);
114 for (i = 0; i < 8; i++) {
115 r = BN_div_word(a, base);
123 * get common key from my secret key and his public key
126 common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey)
128 BIGNUM *public, *secret, *common, *modulus;
131 if ((ctx = BN_CTX_new()) == NULL)
132 errx(1, "could not create BN_CTX");
133 if (BN_hex2bn(&modulus, HEXMODULUS) == NULL)
134 errx(1, "could not convert modulus");
135 if (BN_hex2bn(&public, xpublic) == NULL)
136 errx(1, "could not convert public");
137 if (BN_hex2bn(&secret, xsecret) == NULL)
138 errx(1, "could not convert secret");
140 if ((common = BN_new()) == NULL)
141 errx(1, "could not create BIGNUM");
143 BN_mod_exp(common, public, secret, modulus, ctx);
144 extractdeskey(common, deskey);
145 extractideakey(common, ideakey);
146 des_set_odd_parity(deskey);
158 getseed(char *seed, int seedsize)
162 for (i = 0; i < seedsize; i++) {
163 seed[i] = arc4random() & 0xff;
172 if ((n = BN_new()) == NULL)
173 errx(1, "could not create BIGNUM: %s",
174 ERR_error_string(ERR_get_error(), 0));
177 BN_add_word(n, (u_long)i);
179 BN_sub_word(n, (u_long)(-i));
184 * Generate a random public/secret key pair
187 genkeys(char *public, char *secret)
189 #define BASEBITS (8*sizeof (short) - 1)
190 #define BASE (short)(1 << BASEBITS)
194 unsigned short seed[KEYSIZE/BASEBITS + 1];
198 BIGNUM *pk, *sk, *tmp, *base, *root, *modulus;
206 if (BN_hex2bn(&modulus, HEXMODULUS) == NULL)
207 errx(1, "could not convert modulus to BIGNUM: %s",
208 ERR_error_string(ERR_get_error(), 0));
210 if ((ctx = BN_CTX_new()) == NULL)
211 errx(1, "could not create BN_CTX: %s",
212 ERR_error_string(ERR_get_error(), 0));
214 getseed((char *)seed, sizeof (seed));
215 for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
219 BN_mul(sk, base, sk, ctx);
223 BN_div(tmp, sk, sk, modulus, ctx);
224 BN_mod_exp(pk, root, sk, modulus, ctx);
226 if ((xkey = BN_bn2hex(sk)) == NULL)
227 errx(1, "could convert sk to hex: %s",
228 ERR_error_string(ERR_get_error(), 0));
229 adjust(secret, xkey);
232 if ((xkey = BN_bn2hex(pk)) == NULL)
233 errx(1, "could convert pk to hex: %s",
234 ERR_error_string(ERR_get_error(), 0));
235 adjust(public, xkey);
247 * Adjust the input key so that it is 0-filled on the left
250 adjust(char keyout[HEXKEYBYTES+1], char *keyin)
255 for (p = keyin; *p; p++)
257 for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) {
260 while (s >= keyout) {
265 static char hextab[17] = "0123456789ABCDEF";
267 /* given a DES key, cbc encrypt and translate input to terminated hex */
269 pk_encode(char *in, char *out, DesData *key)
276 memset(&i,0,sizeof(i));
277 memset(buf,0,sizeof(buf));
278 deslen = ((strlen(in) + 7)/8)*8;
279 des_key_sched(key, k);
280 des_cbc_encrypt(in,buf,deslen, k,&i,DES_ENCRYPT);
281 for (l=0,op=0;l<deslen;l++) {
282 out[op++] = hextab[(buf[l] & 0xf0) >> 4];
283 out[op++] = hextab[(buf[l] & 0x0f)];
288 /* given a DES key, translate input from hex and decrypt */
290 pk_decode(char *in, char *out, DesData *key)
298 memset(&i,0,sizeof(i));
299 memset(buf,0,sizeof(buf));
300 for (l=0,op=0;l<strlen(in)/2;l++,op+=2) {
302 n1 = in[op] - 'A' + 10;
306 n2 = in[op+1] - 'A' + 10;
311 des_key_sched(key, k);
312 des_cbc_encrypt(buf,out,strlen(in)/2, k,&i,DES_DECRYPT);
313 out[strlen(in)/2] = '\0';