3 * OpenPGP MPI functions using OpenSSL BIGNUM code.
5 * Copyright (c) 2005 Marko Kreen
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi-openssl.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
33 #include <openssl/bn.h>
42 BIGNUM *bn = BN_bin2bn(n->data, n->bytes, NULL);
46 if (BN_num_bits(bn) != n->bits)
48 px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d",
49 n->bits, BN_num_bits(bn));
62 res = pgp_mpi_alloc(BN_num_bits(bn), &n);
66 if (BN_num_bytes(bn) != n->bytes)
68 px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d",
69 BN_num_bytes(bn), n->bytes);
73 BN_bn2bin(bn, n->data);
78 * Decide the number of bits in the random componont k
80 * It should be in the same range as p for signing (which
81 * is deprecated), but can be much smaller for encrypting.
83 * Until I research it further, I just mimic gpg behaviour.
84 * It has a special mapping table, for values <= 5120,
85 * above that it uses 'arbitrary high number'. Following
86 * algorihm hovers 10-70 bits above gpg values. And for
87 * larger p, it uses gpg's algorihm.
89 * The point is - if k gets large, encryption will be
90 * really slow. It does not matter for decryption.
93 decide_k_bits(int p_bits)
96 return p_bits / 10 + 160;
98 return (p_bits / 8 + 200) * 3 / 2;
102 pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m,
103 PGP_MPI **c1_p, PGP_MPI **c2_p)
105 int res = PXE_PGP_MATH_FAILED;
107 BIGNUM *m = mpi_to_bn(_m);
108 BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
109 BIGNUM *g = mpi_to_bn(pk->pub.elg.g);
110 BIGNUM *y = mpi_to_bn(pk->pub.elg.y);
111 BIGNUM *k = BN_new();
112 BIGNUM *yk = BN_new();
113 BIGNUM *c1 = BN_new();
114 BIGNUM *c2 = BN_new();
115 BN_CTX *tmp = BN_CTX_new();
117 if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp)
123 k_bits = decide_k_bits(BN_num_bits(p));
124 if (!BN_rand(k, k_bits, 0, 0))
128 * c1 = g^k c2 = m * y^k
130 if (!BN_mod_exp(c1, g, k, p, tmp))
132 if (!BN_mod_exp(yk, y, k, p, tmp))
134 if (!BN_mod_mul(c2, m, yk, p, tmp))
138 *c1_p = bn_to_mpi(c1);
139 *c2_p = bn_to_mpi(c2);
165 pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2,
168 int res = PXE_PGP_MATH_FAILED;
169 BIGNUM *c1 = mpi_to_bn(_c1);
170 BIGNUM *c2 = mpi_to_bn(_c2);
171 BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
172 BIGNUM *x = mpi_to_bn(pk->sec.elg.x);
173 BIGNUM *c1x = BN_new();
174 BIGNUM *div = BN_new();
175 BIGNUM *m = BN_new();
176 BN_CTX *tmp = BN_CTX_new();
178 if (!c1 || !c2 || !p || !x || !c1x || !div || !m || !tmp)
184 if (!BN_mod_exp(c1x, c1, x, p, tmp))
186 if (!BN_mod_inverse(div, c1x, p, tmp))
188 if (!BN_mod_mul(m, c2, div, p, tmp))
192 *msg_p = bn_to_mpi(m);
216 pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p)
218 int res = PXE_PGP_MATH_FAILED;
219 BIGNUM *m = mpi_to_bn(_m);
220 BIGNUM *e = mpi_to_bn(pk->pub.rsa.e);
221 BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
222 BIGNUM *c = BN_new();
223 BN_CTX *tmp = BN_CTX_new();
225 if (!m || !e || !n || !c || !tmp)
231 if (!BN_mod_exp(c, m, e, n, tmp))
252 pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
254 int res = PXE_PGP_MATH_FAILED;
255 BIGNUM *c = mpi_to_bn(_c);
256 BIGNUM *d = mpi_to_bn(pk->sec.rsa.d);
257 BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
258 BIGNUM *m = BN_new();
259 BN_CTX *tmp = BN_CTX_new();
261 if (!m || !d || !n || !c || !tmp)
267 if (!BN_mod_exp(m, c, d, n, tmp))