search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / dropbear / gendss.c
blob21d13a04883055cb6ea0dbbd1cfdc2d8f302ace6
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "dbutil.h"
27 #include "signkey.h"
28 #include "bignum.h"
29 #include "dbrandom.h"
30 #include "buffer.h"
31 #include "gendss.h"
32 #include "dss.h"
33
34 #define QSIZE 20 /* 160 bit */
35
36 /* This is just a test */
37
38 #ifdef DROPBEAR_DSS
39
40 static void getq(dropbear_dss_key *key);
41 static void getp(dropbear_dss_key *key, unsigned int size);
42 static void getg(dropbear_dss_key *key);
43 static void getx(dropbear_dss_key *key);
44 static void gety(dropbear_dss_key *key);
45
46 dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
47
48 dropbear_dss_key *key;
49
50 if (size != 1024) {
51 dropbear_exit("DSS keys have a fixed size of 1024 bits");
52 }
53
54 key = m_malloc(sizeof(*key));
55
56 m_mp_alloc_init_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
57
58 getq(key);
59 getp(key, size/8);
60 getg(key);
61 getx(key);
62 gety(key);
63
64 return key;
65
66 }
67
68 static void getq(dropbear_dss_key *key) {
69
70 char buf[QSIZE];
71
72 /* 160 bit prime */
73 genrandom(buf, QSIZE);
74 buf[0] |= 0x80; /* top bit high */
75 buf[QSIZE-1] |= 0x01; /* bottom bit high */
76
77 bytes_to_mp(key->q, buf, QSIZE);
78
79 /* 18 rounds are required according to HAC */
80 if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
81 fprintf(stderr, "DSS key generation failed\n");
82 exit(1);
83 }
84 }
85
86 static void getp(dropbear_dss_key *key, unsigned int size) {
87
88 DEF_MP_INT(tempX);
89 DEF_MP_INT(tempC);
90 DEF_MP_INT(tempP);
91 DEF_MP_INT(temp2q);
92 int result;
93 unsigned char *buf;
94
95 m_mp_init_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
96
97
98 /* 2*q */
99 if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) {
100 fprintf(stderr, "DSS key generation failed\n");
101 exit(1);
102 }
103
104 buf = (unsigned char*)m_malloc(size);
105
106 result = 0;
107 do {
108
109 genrandom(buf, size);
110 buf[0] |= 0x80; /* set the top bit high */
111
112 /* X is a random mp_int */
113 bytes_to_mp(&tempX, buf, size);
114
115 /* C = X mod 2q */
116 if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
117 fprintf(stderr, "DSS key generation failed\n");
118 exit(1);
119 }
120
121 /* P = X - (C - 1) = X - C + 1*/
122 if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) {
123 fprintf(stderr, "DSS key generation failed\n");
124 exit(1);
125 }
126
127 if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) {
128 fprintf(stderr, "DSS key generation failed\n");
129 exit(1);
130 }
131
132 /* now check for prime, 5 rounds is enough according to HAC */
133 /* result == 1 => p is prime */
134 if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
135 fprintf(stderr, "DSS key generation failed\n");
136 exit(1);
137 }
138 } while (!result);
139
140 mp_clear_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
141 m_burn(buf, size);
142 m_free(buf);
143 }
144
145 static void getg(dropbear_dss_key * key) {
146
147 DEF_MP_INT(div);
148 DEF_MP_INT(h);
149 DEF_MP_INT(val);
150
151 m_mp_init_multi(&div, &h, &val, NULL);
152
153 /* get div=(p-1)/q */
154 if (mp_sub_d(key->p, 1, &val) != MP_OKAY) {
155 fprintf(stderr, "DSS key generation failed\n");
156 exit(1);
157 }
158 if (mp_div(&val, key->q, &div, NULL) != MP_OKAY) {
159 fprintf(stderr, "DSS key generation failed\n");
160 exit(1);
161 }
162
163 /* initialise h=1 */
164 mp_set(&h, 1);
165 do {
166 /* now keep going with g=h^div mod p, until g > 1 */
167 if (mp_exptmod(&h, &div, key->p, key->g) != MP_OKAY) {
168 fprintf(stderr, "DSS key generation failed\n");
169 exit(1);
170 }
171
172 if (mp_add_d(&h, 1, &h) != MP_OKAY) {
173 fprintf(stderr, "DSS key generation failed\n");
174 exit(1);
175 }
176
177 } while (mp_cmp_d(key->g, 1) != MP_GT);
178
179 mp_clear_multi(&div, &h, &val, NULL);
180 }
181
182 static void getx(dropbear_dss_key *key) {
183
184 gen_random_mpint(key->q, key->x);
185 }
186
187 static void gety(dropbear_dss_key *key) {
188
189 if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
190 fprintf(stderr, "DSS key generation failed\n");
191 exit(1);
192 }
193 }
194
195 #endif /* DROPBEAR_DSS */