Timerix/tcp-chat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d0d7d26671
tcp-chat/src/cryptography/RSA.c

241 lines
8.4 KiB
C
Raw Blame History

#include "RSA.h"
#include <assert.h>
#include "bearssl_x509.h"
#include "bearssl_pem.h"
#include "tlibc/base64.h"
// https://crypto.stackexchange.com/questions/3110/impacts-of-not-using-rsa-exponent-of-65537
#define DEFAULT_PUBLIC_EXPONENT 65537
Result(void) RSA_generateKeyPair(u32 key_size,
br_rsa_private_key* sk, br_rsa_public_key* pk,
const br_prng_class** rng_vtable_ptr)
{
Deferral(4);
bool success = false;
void* sk_buf = malloc(BR_RSA_KBUF_PRIV_SIZE(key_size));
void* pk_buf = malloc(BR_RSA_KBUF_PUB_SIZE(key_size));
Defer(
if(!success){
free(sk_buf);
free(pk_buf);
}
);
success = br_rsa_i31_keygen(rng_vtable_ptr, sk, sk_buf, pk, pk_buf, key_size, DEFAULT_PUBLIC_EXPONENT);
if(!success){
Return RESULT_ERROR("br_rsa_i31_keygen() failed", false);
}
Return RESULT_VOID;
}
Result(void) RSA_generateKeyPairFromSystemRandom(u32 key_size,
br_rsa_private_key* sk, br_rsa_public_key* pk)
{
Deferral(4);
br_hmac_drbg_context time_based_rng = { .vtable = &br_hmac_drbg_vtable };
rng_init_sha256_seedFromSystem(&time_based_rng.vtable);
try_void(RSA_generateKeyPair(key_size, sk, pk, &time_based_rng.vtable));
Return RESULT_VOID;
}
Result(void) RSA_generateKeyPairFromPassword(u32 key_size,
br_rsa_private_key* sk, br_rsa_public_key* pk, str password)
{
Deferral(4);
br_hmac_drbg_context password_based_rng = { .vtable = &br_hmac_drbg_vtable };
br_hmac_drbg_init(&password_based_rng, &br_sha256_vtable, password.data, password.size);
try_void(RSA_generateKeyPair(key_size, sk, pk, &password_based_rng.vtable));
Return RESULT_VOID;
}
Result(void) RSA_computePublicKey(const br_rsa_private_key* sk, br_rsa_public_key* pk){
Deferral(4);
br_rsa_compute_modulus compute_modulus = br_rsa_i31_compute_modulus;
br_rsa_compute_pubexp compute_pubexp = br_rsa_i31_compute_pubexp;
size_t modulus_size = compute_modulus(NULL, sk);
if (modulus_size == 0) {
Return RESULT_ERROR("compute_modulus", false);
}
void* modulus = malloc(modulus_size);
bool success = false;
Defer(
if(!success)
free(modulus)
);
if (compute_modulus(modulus, sk) != modulus_size) {
Return RESULT_ERROR("compute_modulus", false);
}
u32 pubexp_little_endian = compute_pubexp(sk);
if (pubexp_little_endian == 0) {
Return RESULT_ERROR("compute_pubexp", false);
}
u8 pubexp_big_endian[4];
pubexp_big_endian[0] = pubexp_little_endian >> 24;
pubexp_big_endian[1] = pubexp_little_endian >> 16;
pubexp_big_endian[2] = pubexp_little_endian >> 8;
pubexp_big_endian[3] = pubexp_little_endian;
pk->n = modulus;
pk->nlen = modulus_size;
pk->e = pubexp_big_endian;
pk->elen = sizeof pubexp_big_endian;
success = true;
Return RESULT_VOID;
}
str RSA_serializePrivateKey_base64(const br_rsa_private_key* sk){
u32 key_buffer_size = BR_RSA_KBUF_PRIV_SIZE(sk->n_bitlen);
u32 key_base64_size = base64_encodedSize(key_buffer_size);
char* serialized_buf = malloc(32 + key_base64_size);
sprintf(serialized_buf, "RSA-Private-%u:", sk->n_bitlen);
u32 offset = strlen(serialized_buf);
offset += base64_encode(sk->p, key_buffer_size, serialized_buf + offset);
serialized_buf[offset] = '\0';
return str_construct(serialized_buf, offset, true);
}
str RSA_serializePublicKey_base64(const br_rsa_public_key* pk){
u32 n_bitlen = pk->nlen * 8;
u32 key_buffer_size = BR_RSA_KBUF_PUB_SIZE(n_bitlen);
u32 key_base64_size = base64_encodedSize(key_buffer_size);
char* serialized_buf = malloc(32 + key_base64_size);
sprintf(serialized_buf, "RSA-Public-%u:", n_bitlen);
u32 offset = strlen(serialized_buf);
offset += base64_encode(pk->n, key_buffer_size, serialized_buf + offset);
serialized_buf[offset] = '\0';
return str_construct(serialized_buf, offset, true);
}
Result(void) RSA_parsePublicKey_base64(cstr src, br_rsa_public_key* pk){
Deferral(4);
u32 n_bitlen = 0;
if(sscanf(src, "RSA-Public-%u:", &n_bitlen) != 1){
Return RESULT_ERROR("can't parse key size", false);
}
u32 key_buffer_size = BR_RSA_KBUF_PUB_SIZE(n_bitlen);
pk->n = malloc(key_buffer_size);
pk->elen = 4;
pk->nlen = key_buffer_size - 4;
pk->e = pk->n + pk->nlen;
str src_str = str_from_cstr(src);
u32 offset = str_seekChar(src_str, ':', 10) + 1;
if(offset == 0){
Return RESULT_ERROR("missing ':' before key data", false);
}
str key_base64_str = src_str;
key_base64_str.data += offset;
key_base64_str.size -= offset;
u32 decoded_size = base64_decodedSize(key_base64_str.data, key_base64_str.size);
if(decoded_size != key_buffer_size){
Return RESULT_ERROR_FMT("decoded key size is %u, must be %u", decoded_size, key_buffer_size);
}
decoded_size = base64_decode(key_base64_str.data, key_base64_str.size, pk->n);
if(decoded_size != key_buffer_size){
Return RESULT_ERROR("key decoding failed", false);
}
Return RESULT_VOID;
}
Result(void) RSA_parsePrivateKey_base64(cstr src, br_rsa_private_key* sk){
Deferral(4);
u32 n_bitlen = 0;
if(sscanf(src, "RSA-Private-%u:", &n_bitlen) != 1){
Return RESULT_ERROR("can't parse key size", false);
}
sk->n_bitlen = n_bitlen;
u32 key_buffer_size = BR_RSA_KBUF_PRIV_SIZE(n_bitlen);
u32 field_len = key_buffer_size / 5;
sk->plen = sk->qlen = sk->dplen = sk->dqlen = sk->iqlen = field_len;
sk->p = malloc(key_buffer_size);
sk->q = sk->p + field_len;
sk->dp = sk->q + field_len;
sk->dq = sk->dp + field_len;
sk->iq = sk->dq + field_len;
str src_str = str_from_cstr(src);
u32 offset = str_seekChar(src_str, ':', 10) + 1;
if(offset == 0){
Return RESULT_ERROR("missing ':' before key data", false);
}
str key_base64_str = src_str;
key_base64_str.data += offset;
key_base64_str.size -= offset;
u32 decoded_size = base64_decodedSize(key_base64_str.data, key_base64_str.size);
if(decoded_size != key_buffer_size){
Return RESULT_ERROR_FMT("decoded key size is %u, must be %u", decoded_size, key_buffer_size);
}
decoded_size = base64_decode(key_base64_str.data, key_base64_str.size, sk->p);
if(decoded_size != key_buffer_size){
Return RESULT_ERROR("key decoding failed", false);
}
Return RESULT_VOID;
}
//////////////////////////////////////////////////////////////////////////////
// RSAEncryptor //
//////////////////////////////////////////////////////////////////////////////
void RSAEncryptor_construct(RSAEncryptor* ptr, const br_rsa_public_key* pk){
ptr->pk = pk;
ptr->rng.vtable = &br_hmac_drbg_vtable;
rng_init_sha256_seedFromSystem(&ptr->rng.vtable);
}
Result(u32) RSAEncryptor_encrypt(RSAEncryptor* ptr, Array(u8) src, Array(u8) dst){
u32 key_size_bytes = ptr->pk->nlen;
const u32 max_src_size = RSAEncryptor_calcMaxSrcSize(key_size_bytes * 8, 256);
if(src.size > max_src_size){
return RESULT_ERROR_FMT("src.size (%u) must be <= RSAEncryptor_calcMaxSrcSize() (%u)",
src.size, max_src_size);
}
if(dst.size < key_size_bytes){
return RESULT_ERROR_FMT("dst.size (%u) must be >= key length in bytes (%u)",
dst.size, key_size_bytes);
}
size_t sz = br_rsa_i31_oaep_encrypt(
&ptr->rng.vtable, &br_sha256_vtable,
NULL, 0,
ptr->pk,
dst.data, dst.size,
src.data, src.size);
if(sz == 0){
return RESULT_ERROR("RSA encryption failed", false);
}
return RESULT_VALUE(u, sz);
}
//////////////////////////////////////////////////////////////////////////////
// RSADecryptor //
//////////////////////////////////////////////////////////////////////////////
void RSADecryptor_construct(RSADecryptor* ptr, const br_rsa_private_key* sk){
ptr->sk = sk;
}
Result(u32) RSADecryptor_decrypt(RSADecryptor* ptr, Array(u8) buffer){
u32 key_size_bits = ptr->sk->n_bitlen;
if(buffer.size != key_size_bits/8){
return RESULT_ERROR_FMT("buffer.size (%u) must be == key length in bytes (%u)",
buffer.size, key_size_bits/8);
}
size_t sz = buffer.size;
size_t r = br_rsa_i31_oaep_decrypt(
&br_sha256_vtable,
NULL, 0,
ptr->sk,
buffer.data, &sz);
if(r == 0){
return RESULT_ERROR("RSA encryption failed", false);
}
return RESULT_VALUE(u, sz);
}
Reference in New Issue View Git Blame Copy Permalink