]>
Commit | Line | Data |
---|---|---|
8735ee6f | 1 | /* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ |
6519b2cb BM |
2 | /* ==================================================================== |
3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * | |
9 | * 1. Redistributions of source code must retain the above copyright | |
40720ce3 | 10 | * notice, this list of conditions and the following disclaimer. |
6519b2cb BM |
11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in | |
14 | * the documentation and/or other materials provided with the | |
15 | * distribution. | |
16 | * | |
17 | * 3. All advertising materials mentioning features or use of this | |
18 | * software must display the following acknowledgment: | |
19 | * "This product includes software developed by the OpenSSL Project | |
20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
21 | * | |
22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
23 | * endorse or promote products derived from this software without | |
24 | * prior written permission. For written permission, please contact | |
25 | * openssl-core@OpenSSL.org. | |
26 | * | |
27 | * 5. Products derived from this software may not be called "OpenSSL" | |
28 | * nor may "OpenSSL" appear in their names without prior written | |
29 | * permission of the OpenSSL Project. | |
30 | * | |
31 | * 6. Redistributions of any form whatsoever must retain the following | |
32 | * acknowledgment: | |
33 | * "This product includes software developed by the OpenSSL Project | |
34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
35 | * | |
36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
48 | * ==================================================================== | |
49 | */ | |
50 | ||
51 | #include <openssl/bn.h> | |
52 | #include <openssl/err.h> | |
53 | #include <openssl/rsa.h> | |
54 | ||
29c1f061 | 55 | int RSA_check_key(const RSA *key) |
40720ce3 MC |
56 | { |
57 | BIGNUM *i, *j, *k, *l, *m; | |
58 | BN_CTX *ctx; | |
59 | int r; | |
60 | int ret = 1; | |
61 | ||
62 | i = BN_new(); | |
63 | j = BN_new(); | |
64 | k = BN_new(); | |
65 | l = BN_new(); | |
66 | m = BN_new(); | |
67 | ctx = BN_CTX_new(); | |
68 | if (i == NULL || j == NULL || k == NULL || l == NULL || | |
69 | m == NULL || ctx == NULL) { | |
70 | ret = -1; | |
71 | RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); | |
72 | goto err; | |
73 | } | |
74 | ||
75 | /* p prime? */ | |
76 | r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); | |
77 | if (r != 1) { | |
78 | ret = r; | |
79 | if (r != 0) | |
80 | goto err; | |
81 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); | |
82 | } | |
83 | ||
84 | /* q prime? */ | |
85 | r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); | |
86 | if (r != 1) { | |
87 | ret = r; | |
88 | if (r != 0) | |
89 | goto err; | |
90 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); | |
91 | } | |
92 | ||
93 | /* n = p*q? */ | |
94 | r = BN_mul(i, key->p, key->q, ctx); | |
95 | if (!r) { | |
96 | ret = -1; | |
97 | goto err; | |
98 | } | |
99 | ||
100 | if (BN_cmp(i, key->n) != 0) { | |
101 | ret = 0; | |
102 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); | |
103 | } | |
104 | ||
105 | /* d*e = 1 mod lcm(p-1,q-1)? */ | |
106 | ||
107 | r = BN_sub(i, key->p, BN_value_one()); | |
108 | if (!r) { | |
109 | ret = -1; | |
110 | goto err; | |
111 | } | |
112 | r = BN_sub(j, key->q, BN_value_one()); | |
113 | if (!r) { | |
114 | ret = -1; | |
115 | goto err; | |
116 | } | |
117 | ||
118 | /* now compute k = lcm(i,j) */ | |
119 | r = BN_mul(l, i, j, ctx); | |
120 | if (!r) { | |
121 | ret = -1; | |
122 | goto err; | |
123 | } | |
124 | r = BN_gcd(m, i, j, ctx); | |
125 | if (!r) { | |
126 | ret = -1; | |
127 | goto err; | |
128 | } | |
129 | r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ | |
130 | if (!r) { | |
131 | ret = -1; | |
132 | goto err; | |
133 | } | |
134 | ||
135 | r = BN_mod_mul(i, key->d, key->e, k, ctx); | |
136 | if (!r) { | |
137 | ret = -1; | |
138 | goto err; | |
139 | } | |
140 | ||
141 | if (!BN_is_one(i)) { | |
142 | ret = 0; | |
143 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); | |
144 | } | |
145 | ||
146 | if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { | |
147 | /* dmp1 = d mod (p-1)? */ | |
148 | r = BN_sub(i, key->p, BN_value_one()); | |
149 | if (!r) { | |
150 | ret = -1; | |
151 | goto err; | |
152 | } | |
153 | ||
154 | r = BN_mod(j, key->d, i, ctx); | |
155 | if (!r) { | |
156 | ret = -1; | |
157 | goto err; | |
158 | } | |
159 | ||
160 | if (BN_cmp(j, key->dmp1) != 0) { | |
161 | ret = 0; | |
162 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); | |
163 | } | |
164 | ||
165 | /* dmq1 = d mod (q-1)? */ | |
166 | r = BN_sub(i, key->q, BN_value_one()); | |
167 | if (!r) { | |
168 | ret = -1; | |
169 | goto err; | |
170 | } | |
171 | ||
172 | r = BN_mod(j, key->d, i, ctx); | |
173 | if (!r) { | |
174 | ret = -1; | |
175 | goto err; | |
176 | } | |
177 | ||
178 | if (BN_cmp(j, key->dmq1) != 0) { | |
179 | ret = 0; | |
180 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); | |
181 | } | |
182 | ||
183 | /* iqmp = q^-1 mod p? */ | |
184 | if (!BN_mod_inverse(i, key->q, key->p, ctx)) { | |
185 | ret = -1; | |
186 | goto err; | |
187 | } | |
188 | ||
189 | if (BN_cmp(i, key->iqmp) != 0) { | |
190 | ret = 0; | |
191 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); | |
192 | } | |
193 | } | |
4f6235f7 | 194 | |
6519b2cb | 195 | err: |
40720ce3 MC |
196 | if (i != NULL) |
197 | BN_free(i); | |
198 | if (j != NULL) | |
199 | BN_free(j); | |
200 | if (k != NULL) | |
201 | BN_free(k); | |
202 | if (l != NULL) | |
203 | BN_free(l); | |
204 | if (m != NULL) | |
205 | BN_free(m); | |
206 | if (ctx != NULL) | |
207 | BN_CTX_free(ctx); | |
208 | return (ret); | |
209 | } |