void gnutls_pk_params_clear(gnutls_pk_params_st * p)
{
unsigned int i;
for (i = 0; i < p->params_nr; i++) {
if (p->params[i] != NULL)
_gnutls_mpi_clear(p->params[i]);
}
gnutls_memset(p->seed, 0, p->seed_size);
p->seed_size = 0;
if (p->raw_priv.data != NULL) {
gnutls_memset(p->raw_priv.data, 0, p->raw_priv.size);
p->raw_priv.size = 0;
}
}
/* This generates p,q params using the B.3.2.2 algorithm in FIPS 186-4.
*
* The hash function used is SHA384.
* The exponent e used is the value in pub->e.
*/
int
rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
struct rsa_private_key *key,
void *random_ctx, nettle_random_func * random,
void *progress_ctx,
nettle_progress_func * progress,
unsigned *rseed_size,
void *rseed,
/* Desired size of modulo, in bits */
unsigned n_size)
{
uint8_t seed[128];
unsigned seed_length;
int ret;
if (_gnutls_fips_mode_enabled() != 0) {
if (n_size != 2048 && n_size != 3072) {
_gnutls_debug_log("The size of a prime can only be 2048 or 3072\n");
return 0;
}
}
seed_length = SEED_LENGTH(n_size);
if (seed_length > sizeof(seed))
return 0;
random(random_ctx, seed_length, seed);
if (rseed && rseed_size) {
if (*rseed_size < seed_length) {
return 0;
}
memcpy(rseed, seed, seed_length);
*rseed_size = seed_length;
}
ret = _rsa_generate_fips186_4_keypair(pub, key, seed_length, seed,
progress_ctx, progress, n_size);
gnutls_memset(seed, 0, seed_length);
return ret;
}
/* This generates p,q params using the B.3.2.2 algorithm in FIPS 186-4.
*
* The hash function used is SHA384.
* The exponent e used is the value in pub->e.
*/
int
rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
struct rsa_private_key *key,
void *random_ctx, nettle_random_func * random,
void *progress_ctx,
nettle_progress_func * progress,
unsigned *rseed_size,
void *rseed,
/* Desired size of modulo, in bits */
unsigned n_size)
{
uint8_t seed[128];
unsigned seed_length;
int ret;
FIPS_RULE(n_size != 2048 && n_size != 3072, 0, "size of prime of other than 2048 or 3072\n");
seed_length = SEED_LENGTH(n_size);
if (seed_length > sizeof(seed))
return 0;
random(random_ctx, seed_length, seed);
if (rseed && rseed_size) {
if (*rseed_size < seed_length) {
return 0;
}
memcpy(rseed, seed, seed_length);
*rseed_size = seed_length;
}
ret = _rsa_generate_fips186_4_keypair(pub, key, seed_length, seed,
progress_ctx, progress, n_size);
gnutls_memset(seed, 0, seed_length);
return ret;
}
