crypto/rsa/rsa_x931g.c

   1 /*
   2  * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <string.h>
  12 #include <time.h>
  13 #include <openssl/err.h>
  14 #include <openssl/bn.h>
  15 #include "rsa_locl.h"
  16
  17 /* X9.31 RSA key derivation and generation */
  18
  19 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
  20                        BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
  21                        const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
  22                        const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
  23 {
  24     BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
  25     BN_CTX *ctx = NULL, *ctx2 = NULL;
  26     int ret = 0;
  27
  28     if (!rsa)
  29         goto err;
  30
  31     ctx = BN_CTX_new();
  32     if (ctx == NULL)
  33         goto err;
  34     BN_CTX_start(ctx);
  35
  36     r0 = BN_CTX_get(ctx);
  37     r1 = BN_CTX_get(ctx);
  38     r2 = BN_CTX_get(ctx);
  39     r3 = BN_CTX_get(ctx);
  40
  41     if (r3 == NULL)
  42         goto err;
  43     if (!rsa->e) {
  44         rsa->e = BN_dup(e);
  45         if (!rsa->e)
  46             goto err;
  47     } else {
  48         e = rsa->e;
  49     }
  50
  51     /*
  52      * If not all parameters present only calculate what we can. This allows
  53      * test programs to output selective parameters.
  54      */
  55
  56     if (Xp && rsa->p == NULL) {
  57         rsa->p = BN_new();
  58         if (rsa->p == NULL)
  59             goto err;
  60
  61         if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
  62                                      Xp, Xp1, Xp2, e, ctx, cb))
  63             goto err;
  64     }
  65
  66     if (Xq && rsa->q == NULL) {
  67         rsa->q = BN_new();
  68         if (rsa->q == NULL)
  69             goto err;
  70         if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
  71                                      Xq, Xq1, Xq2, e, ctx, cb))
  72             goto err;
  73     }
  74
  75     if (rsa->p == NULL || rsa->q == NULL) {
  76         BN_CTX_end(ctx);
  77         BN_CTX_free(ctx);
  78         return 2;
  79     }
  80
  81     /*
  82      * Since both primes are set we can now calculate all remaining
  83      * components.
  84      */
  85
  86     /* calculate n */
  87     rsa->n = BN_new();
  88     if (rsa->n == NULL)
  89         goto err;
  90     if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
  91         goto err;
  92
  93     /* calculate d */
  94     if (!BN_sub(r1, rsa->p, BN_value_one()))
  95         goto err;               /* p-1 */
  96     if (!BN_sub(r2, rsa->q, BN_value_one()))
  97         goto err;               /* q-1 */
  98     if (!BN_mul(r0, r1, r2, ctx))
  99         goto err;               /* (p-1)(q-1) */
 100
 101     if (!BN_gcd(r3, r1, r2, ctx))
 102         goto err;
 103
 104     if (!BN_div(r0, NULL, r0, r3, ctx))
 105         goto err;               /* LCM((p-1)(q-1)) */
 106
 107     ctx2 = BN_CTX_new();
 108     if (ctx2 == NULL)
 109         goto err;
 110
 111     rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
 112     if (rsa->d == NULL)
 113         goto err;
 114
 115     /* calculate d mod (p-1) */
 116     rsa->dmp1 = BN_new();
 117     if (rsa->dmp1 == NULL)
 118         goto err;
 119     if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
 120         goto err;
 121
 122     /* calculate d mod (q-1) */
 123     rsa->dmq1 = BN_new();
 124     if (rsa->dmq1 == NULL)
 125         goto err;
 126     if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
 127         goto err;
 128
 129     /* calculate inverse of q mod p */
 130     rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
 131     if (rsa->iqmp == NULL)
 132         goto err;
 133
 134     ret = 1;
 135  err:
 136     if (ctx)
 137         BN_CTX_end(ctx);
 138     BN_CTX_free(ctx);
 139     BN_CTX_free(ctx2);
 140
 141     return ret;
 142
 143 }
 144
 145 int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
 146                              BN_GENCB *cb)
 147 {
 148     int ok = 0;
 149     BIGNUM *Xp = NULL, *Xq = NULL;
 150     BN_CTX *ctx = NULL;
 151
 152     ctx = BN_CTX_new();
 153     if (ctx == NULL)
 154         goto error;
 155
 156     BN_CTX_start(ctx);
 157     Xp = BN_CTX_get(ctx);
 158     Xq = BN_CTX_get(ctx);
 159     if (Xq == NULL)
 160         goto error;
 161     if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
 162         goto error;
 163
 164     rsa->p = BN_new();
 165     rsa->q = BN_new();
 166     if (rsa->p == NULL || rsa->q == NULL)
 167         goto error;
 168
 169     /* Generate two primes from Xp, Xq */
 170
 171     if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
 172                                    e, ctx, cb))
 173         goto error;
 174
 175     if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
 176                                    e, ctx, cb))
 177         goto error;
 178
 179     /*
 180      * Since rsa->p and rsa->q are valid this call will just derive remaining
 181      * RSA components.
 182      */
 183
 184     if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
 185                             NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
 186         goto error;
 187
 188     ok = 1;
 189
 190  error:
 191     if (ctx)
 192         BN_CTX_end(ctx);
 193     BN_CTX_free(ctx);
 194
 195     if (ok)
 196         return 1;
 197
 198     return 0;
 199
 200 }