int cczp_random_prime(cc_size nbits, cczp_t zp, const cc_unit *e,
struct ccrng_state *rng) {
cc_size lbits = nbits & (CCN_UNIT_BITS - 1);
lbits = lbits == 0 ? CCN_UNIT_BITS : lbits;
cc_unit msuMask = (~CC_UNIT_C(0)) >> (CCN_UNIT_BITS - lbits);
cc_unit msBit = CC_UNIT_C(1) << (lbits - 1);
cc_size n = ccn_nof(nbits);
CCZP_N(zp) = n;
for (;;) {
/* Generate nbit wide random ccn. */
if(ccn_random(n, CCZP_PRIME(zp), rng) != 0) return -1;
/* Mask out unsued bit and set high bit. */
CCZP_PRIME(zp)[n - 1] = (cczp_prime(zp)[n - 1] & msuMask) | msBit;
ccn_set_bit(CCZP_PRIME(zp), nbits - 2, 1); /* Set second highest bit per X9.31 */
ccn_set_bit(CCZP_PRIME(zp), 0U, 1); /* Make it odd: set bit 0 to 1 */
/* First ensure r - 1 and e are relatively prime */
cc_unit tmp[n];
ccn_sub1(n, tmp, cczp_prime(zp), 1);
ccn_gcd(n, tmp, tmp, e);
if (!ccn_is_one(n, tmp)) {
//ccn_lprint(n, "gcd of r - 1 and e is ", tmp);
continue;
}
if (cczp_rabin_miller(zp, CCRSA_PRIME_DEPTH))
break;
}
return 0;
}
static int ccrsa_priv_init(ccrsa_priv_ctx_t privkey,
size_t p_size, const uint8_t* p,
size_t q_size, const uint8_t* q,
size_t dp_size, const uint8_t* dp,
size_t dq_size, const uint8_t* dq,
size_t qinv_size, const uint8_t* qinv)
{
int result = -1;
const cc_size np = cczp_n(ccrsa_ctx_private_zp(privkey));
cc_size nq = cczp_n(ccrsa_ctx_private_zq(privkey));
if (ccn_read_uint(np, CCZP_PRIME(ccrsa_ctx_private_zp(privkey)), p_size, p))
goto errOut;
cczp_init(ccrsa_ctx_private_zp(privkey));
if (ccn_read_uint(np, ccrsa_ctx_private_dp(privkey), dp_size, dp))
goto errOut;
if (ccn_read_uint(np, ccrsa_ctx_private_qinv(privkey), qinv_size, qinv))
goto errOut;
if (ccn_read_uint(nq, CCZP_PRIME(ccrsa_ctx_private_zq(privkey)), q_size, q))
goto errOut;
nq = ccn_n(nq, cczp_prime(ccrsa_ctx_private_zq(privkey)));
CCZP_N(ccrsa_ctx_private_zq(privkey)) = nq;
cczp_init(ccrsa_ctx_private_zq(privkey));
if (ccn_read_uint(nq, ccrsa_ctx_private_dq(privkey), dq_size, dq))
goto errOut;
result = 0;
errOut:
return result;
}
CCCryptorStatus
CCRSACryptorCreateFromData( CCRSAKeyType keyType, uint8_t *modulus, size_t modulusLength,
uint8_t *exponent, size_t exponentLength,
uint8_t *p, size_t pLength, uint8_t *q, size_t qLength,
CCRSACryptorRef *ref)
{
CCCryptorStatus retval = kCCSuccess;
CCRSACryptor *rsaKey = NULL;
size_t n = ccn_nof_size(modulusLength);
cc_unit m[n];
CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n");
__Require_Action(ccn_read_uint(n, m, modulusLength, modulus) == 0, errOut, retval = kCCParamError);
size_t nbits = ccn_bitlen(n, m);
__Require_Action((rsaKey = ccMallocRSACryptor(nbits, keyType)) != NULL, errOut, retval = kCCMemoryFailure);
__Require_Action(ccn_read_uint(n, ccrsa_ctx_m(rsaKey->fk), modulusLength, modulus) == 0, errOut, retval = kCCParamError);
__Require_Action(ccn_read_uint(n, ccrsa_ctx_e(rsaKey->fk), exponentLength, exponent) == 0, errOut, retval = kCCParamError);
cczp_init(ccrsa_ctx_zm(rsaKey->fk));
rsaKey->keySize = ccn_bitlen(n, ccrsa_ctx_m(rsaKey->fk));
switch(keyType) {
case ccRSAKeyPublic:
rsaKey->keyType = ccRSAKeyPublic;
break;
case ccRSAKeyPrivate: {
ccrsa_priv_ctx_t privk = ccrsa_ctx_private(rsaKey->fk);
size_t psize = ccn_nof_size(pLength);
size_t qsize = ccn_nof_size(qLength);
CCZP_N(ccrsa_ctx_private_zp(privk)) = psize;
__Require_Action(ccn_read_uint(psize, CCZP_PRIME(ccrsa_ctx_private_zp(privk)), pLength, p) == 0, errOut, retval = kCCParamError);
CCZP_N(ccrsa_ctx_private_zq(privk)) = qsize;
__Require_Action(ccn_read_uint(qsize, CCZP_PRIME(ccrsa_ctx_private_zq(privk)), qLength, q) == 0, errOut, retval = kCCParamError);
ccrsa_crt_makekey(ccrsa_ctx_zm(rsaKey->fk), ccrsa_ctx_e(rsaKey->fk), ccrsa_ctx_d(rsaKey->fk),
ccrsa_ctx_private_zp(privk),
ccrsa_ctx_private_dp(privk), ccrsa_ctx_private_qinv(privk),
ccrsa_ctx_private_zq(privk), ccrsa_ctx_private_dq(privk));
rsaKey->keyType = ccRSAKeyPrivate;
break;
}
default:
retval = kCCParamError;
goto errOut;
}
*ref = rsaKey;
return kCCSuccess;
errOut:
if(rsaKey) ccRSACryptorClear(rsaKey);
return retval;
}
static inline int cczp_read_uint(cczp_t r, size_t data_size, const uint8_t *data)
{
if(ccn_read_uint(ccn_nof_size(data_size), CCZP_PRIME(r), data_size, data) != 0) return -1;
CCZP_N(r) = ccn_nof_size(data_size);
cczp_init(r);
return 0;
}
