Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
切换分支/标签
查找文件 普通视图历史永久链接Permalink
rsa_chk.c 6.0 KB
Newer Older
R
Copyright consolidation 08/10  
Rich Salz 已提交
1 
/*
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
2 
 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
B
New function RSA_check_key.  
Bodo Möller 已提交
3 
 *
R
Copyright consolidation 08/10  
Rich Salz 已提交
4 5 6 7 
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
B
New function RSA_check_key.  
Bodo Möller 已提交
8 9 10 11 
 */

#include <openssl/bn.h>
#include <openssl/err.h>
R
Make the RSA structure opaque  
Richard Levitte 已提交
12 
#include "rsa_locl.h"
B
New function RSA_check_key.  
Bodo Möller 已提交
13
R
Constify the RSA library.  
Richard Levitte 已提交
14 
int RSA_check_key(const RSA *key)
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
15 16 17 
{
    return RSA_check_key_ex(key, NULL);
}
R
RT992: RSA_check_key should have a callback arg  
Rich Salz 已提交
18 19 

int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
20 21 22 
{
    BIGNUM *i, *j, *k, *l, *m;
    BN_CTX *ctx;
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
23 24 
    int ret = 1, ex_primes = 0, idx;
    RSA_PRIME_INFO *pinfo;
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
25
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
26 27 
    if (key->p == NULL || key->q == NULL || key->n == NULL
            || key->e == NULL || key->d == NULL) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
28 29 30 31 
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
        return 0;
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
32 
    /* multi-prime? */
A
rsa/rsa_gen.c: harmonize keygen's ability with RSA_security_bits.  
Andy Polyakov 已提交
33 34 35 36 37 38 39 
    if (key->version == RSA_ASN1_VERSION_MULTI) {
        ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
        if (ex_primes <= 0
                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY);
            return 0;
        }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
40 41 
    }
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
42 43 44 45 46 47 
    i = BN_new();
    j = BN_new();
    k = BN_new();
    l = BN_new();
    m = BN_new();
    ctx = BN_CTX_new();
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
48 49 
    if (i == NULL || j == NULL || k == NULL || l == NULL
            || m == NULL || ctx == NULL) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
50 51 52 53 54 
        ret = -1;
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
        goto err;
    }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
55 56 57 58 59 60 61 62 63 
    if (BN_is_one(key->e)) {
        ret = 0;
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
    }
    if (!BN_is_odd(key->e)) {
        ret = 0;
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
    }
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
64 
    /* p prime? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
65 66 
    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
        ret = 0;
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
67 68 69 70 
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
    }

    /* q prime? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
71 72 
    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
        ret = 0;
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
73 74 75 
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
76 77 78 79 80 81 82 83 84 85 
    /* r_i prime? */
    for (idx = 0; idx < ex_primes; idx++) {
        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
        }
    }

    /* n = p*q * r_3...r_i? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
86 
    if (!BN_mul(i, key->p, key->q, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
87 88 89 
        ret = -1;
        goto err;
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
90 91 92 93 94 95 96 
    for (idx = 0; idx < ex_primes; idx++) {
        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
        if (!BN_mul(i, i, pinfo->r, ctx)) {
            ret = -1;
            goto err;
        }
    }
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
97 98 
    if (BN_cmp(i, key->n) != 0) {
        ret = 0;
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
99 100 101 102 103 
        if (ex_primes)
            RSAerr(RSA_F_RSA_CHECK_KEY_EX,
                   RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES);
        else
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
104 105 
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
106 
    /* d*e = 1  mod \lambda(n)? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
107 
    if (!BN_sub(i, key->p, BN_value_one())) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
108 109 110 
        ret = -1;
        goto err;
    }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
111 
    if (!BN_sub(j, key->q, BN_value_one())) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
112 113 114 115 
        ret = -1;
        goto err;
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
116 
    /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
117 
    if (!BN_mul(l, i, j, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
118 119 120 
        ret = -1;
        goto err;
    }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
121 
    if (!BN_gcd(m, i, j, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
122 123 124 
        ret = -1;
        goto err;
    }
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 
    for (idx = 0; idx < ex_primes; idx++) {
        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
        if (!BN_sub(k, pinfo->r, BN_value_one())) {
            ret = -1;
            goto err;
        }
        if (!BN_mul(l, l, k, ctx)) {
            ret = -1;
            goto err;
        }
        if (!BN_gcd(m, m, k, ctx)) {
            ret = -1;
            goto err;
        }
    }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
140 
    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
141 142 143 
        ret = -1;
        goto err;
    }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
144 
    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
145 146 147 148 149 150 151 152 153 154 155 
        ret = -1;
        goto err;
    }

    if (!BN_is_one(i)) {
        ret = 0;
        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
    }

    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
        /* dmp1 = d mod (p-1)? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
156 
        if (!BN_sub(i, key->p, BN_value_one())) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
157 158 159 
            ret = -1;
            goto err;
        }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
160 
        if (!BN_mod(j, key->d, i, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
161 162 163 164 165 166 167 168 169 
            ret = -1;
            goto err;
        }
        if (BN_cmp(j, key->dmp1) != 0) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
        }

        /* dmq1 = d mod (q-1)? */
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
170 
        if (!BN_sub(i, key->q, BN_value_one())) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
171 172 173 
            ret = -1;
            goto err;
        }
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
174 
        if (!BN_mod(j, key->d, i, ctx)) {
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 
            ret = -1;
            goto err;
        }
        if (BN_cmp(j, key->dmq1) != 0) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
        }

        /* iqmp = q^-1 mod p? */
        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
            ret = -1;
            goto err;
        }
        if (BN_cmp(i, key->iqmp) != 0) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
        }
    }
U
RSA private keys without dmp1/dmq1/iqmp are also valid (but slower).  
Ulf Möller 已提交
193
P
Support multi-prime RSA (RFC 8017)  
Paul Yang 已提交
194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 
    for (idx = 0; idx < ex_primes; idx++) {
        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
        /* d_i = d mod (r_i - 1)? */
        if (!BN_sub(i, pinfo->r, BN_value_one())) {
            ret = -1;
            goto err;
        }
        if (!BN_mod(j, key->d, i, ctx)) {
            ret = -1;
            goto err;
        }
        if (BN_cmp(j, pinfo->d) != 0) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D);
        }
        /* t_i = R_i ^ -1 mod r_i ? */
        if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) {
            ret = -1;
            goto err;
        }
        if (BN_cmp(i, pinfo->t) != 0) {
            ret = 0;
            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R);
        }
    }
B
New function RSA_check_key.  
Bodo Möller 已提交
220 
 err:
R
free NULL cleanup 7  
Rich Salz 已提交
221 222 223 224 225 226 
    BN_free(i);
    BN_free(j);
    BN_free(k);
    BN_free(l);
    BN_free(m);
    BN_CTX_free(ctx);
R
RT2676: Reject RSA eponent if even or 1  
Rich Salz 已提交
227 
    return ret;
M
Run util/openssl-format-source -v -c .  
Matt Caswell 已提交
228 
}