]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/rsa/rsa_x931g.c
2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * RSA low level APIs are deprecated for public use, but still ok for
14 #define OPENSSL_SUPPRESS_DEPRECATED
19 #include <openssl/err.h>
20 #include <openssl/bn.h>
21 #include "rsa_local.h"
23 /* X9.31 RSA key derivation and generation */
25 int RSA_X931_derive_ex(RSA
*rsa
, BIGNUM
*p1
, BIGNUM
*p2
, BIGNUM
*q1
,
26 BIGNUM
*q2
, const BIGNUM
*Xp1
, const BIGNUM
*Xp2
,
27 const BIGNUM
*Xp
, const BIGNUM
*Xq1
, const BIGNUM
*Xq2
,
28 const BIGNUM
*Xq
, const BIGNUM
*e
, BN_GENCB
*cb
)
30 BIGNUM
*r0
= NULL
, *r1
= NULL
, *r2
= NULL
, *r3
= NULL
;
31 BN_CTX
*ctx
= NULL
, *ctx2
= NULL
;
37 ctx
= BN_CTX_new_ex(rsa
->libctx
);
58 * If not all parameters present only calculate what we can. This allows
59 * test programs to output selective parameters.
62 if (Xp
&& rsa
->p
== NULL
) {
67 if (!BN_X931_derive_prime_ex(rsa
->p
, p1
, p2
,
68 Xp
, Xp1
, Xp2
, e
, ctx
, cb
))
72 if (Xq
&& rsa
->q
== NULL
) {
76 if (!BN_X931_derive_prime_ex(rsa
->q
, q1
, q2
,
77 Xq
, Xq1
, Xq2
, e
, ctx
, cb
))
81 if (rsa
->p
== NULL
|| rsa
->q
== NULL
) {
88 * Since both primes are set we can now calculate all remaining
96 if (!BN_mul(rsa
->n
, rsa
->p
, rsa
->q
, ctx
))
100 if (!BN_sub(r1
, rsa
->p
, BN_value_one()))
102 if (!BN_sub(r2
, rsa
->q
, BN_value_one()))
104 if (!BN_mul(r0
, r1
, r2
, ctx
))
105 goto err
; /* (p-1)(q-1) */
107 if (!BN_gcd(r3
, r1
, r2
, ctx
))
110 if (!BN_div(r0
, NULL
, r0
, r3
, ctx
))
111 goto err
; /* LCM((p-1)(q-1)) */
117 rsa
->d
= BN_mod_inverse(NULL
, rsa
->e
, r0
, ctx2
); /* d */
121 /* calculate d mod (p-1) */
122 rsa
->dmp1
= BN_new();
123 if (rsa
->dmp1
== NULL
)
125 if (!BN_mod(rsa
->dmp1
, rsa
->d
, r1
, ctx
))
128 /* calculate d mod (q-1) */
129 rsa
->dmq1
= BN_new();
130 if (rsa
->dmq1
== NULL
)
132 if (!BN_mod(rsa
->dmq1
, rsa
->d
, r2
, ctx
))
135 /* calculate inverse of q mod p */
136 rsa
->iqmp
= BN_mod_inverse(NULL
, rsa
->q
, rsa
->p
, ctx2
);
137 if (rsa
->iqmp
== NULL
)
150 int RSA_X931_generate_key_ex(RSA
*rsa
, int bits
, const BIGNUM
*e
,
154 BIGNUM
*Xp
= NULL
, *Xq
= NULL
;
157 ctx
= BN_CTX_new_ex(rsa
->libctx
);
162 Xp
= BN_CTX_get(ctx
);
163 Xq
= BN_CTX_get(ctx
);
166 if (!BN_X931_generate_Xpq(Xp
, Xq
, bits
, ctx
))
171 if (rsa
->p
== NULL
|| rsa
->q
== NULL
)
174 /* Generate two primes from Xp, Xq */
176 if (!BN_X931_generate_prime_ex(rsa
->p
, NULL
, NULL
, NULL
, NULL
, Xp
,
180 if (!BN_X931_generate_prime_ex(rsa
->q
, NULL
, NULL
, NULL
, NULL
, Xq
,
185 * Since rsa->p and rsa->q are valid this call will just derive remaining
189 if (!RSA_X931_derive_ex(rsa
, NULL
, NULL
, NULL
, NULL
,
190 NULL
, NULL
, NULL
, NULL
, NULL
, NULL
, e
, cb
))