/* In-memory version of matrixX509ReadPubKey. This function was written strictly for clarity in the PeerSec crypto API subset. It extracts only the public key from a certificate file for use in the lower level encrypt/decrypt RSA routines. */ int32 matrixX509ParsePubKey(psPool_t *pool, unsigned char *certBuf, int32 certLen, sslRsaKey_t **key) { sslRsaKey_t *lkey; sslRsaCert_t *certStruct; int32 err; if (matrixX509ParseCert(pool, certBuf, certLen, &certStruct) < 0) { matrixX509FreeCert(certStruct); return -1; } lkey = *key = psMalloc(pool, sizeof(sslRsaKey_t)); memset(lkey, 0x0, sizeof(sslRsaKey_t)); if ((err = _mp_init_multi(pool, &lkey->e, &lkey->N, NULL, NULL, NULL, NULL, NULL, NULL)) != MP_OKAY) { matrixX509FreeCert(certStruct); psFree(lkey); return err; } mp_copy(&certStruct->publicKey.e, &lkey->e); mp_copy(&certStruct->publicKey.N, &lkey->N); mp_shrink(&lkey->e); mp_shrink(&lkey->N); lkey->size = certStruct->publicKey.size; matrixX509FreeCert(certStruct); return 0; }
int compare(V v)const { tommath_int d; tommath_int t(*this); detail::check_tommath_result(mp_shrink(&t.data())); d = v; return t.compare(d); }
static int32 psAsnParsePrivateKey(psPool_t *pool, unsigned char **pp, int32 size, sslRsaKey_t *key) { unsigned char *p, *end, *seq; int32 version, seqlen; key->optimized = 0; p = *pp; end = p + size; if (getSequence(&p, size, &seqlen) < 0) { matrixStrDebugMsg("ASN sequence parse error\n", NULL); return -1; } seq = p; if (getInteger(&p, (int32)(end - p), &version) < 0 || version != 0 || getBig(pool, &p, (int32)(end - p), &(key->N)) < 0 || mp_shrink(&key->N) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->e)) < 0 || mp_shrink(&key->e) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->d)) < 0 || mp_shrink(&key->d) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->p)) < 0 || mp_shrink(&key->p) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->q)) < 0 || mp_shrink(&key->q) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->dP)) < 0 || mp_shrink(&key->dP) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->dQ)) < 0 || mp_shrink(&key->dQ) != MP_OKAY || getBig(pool, &p, (int32)(end - p), &(key->qP)) < 0 || mp_shrink(&key->qP) != MP_OKAY || (int32)(p - seq) != seqlen) { matrixStrDebugMsg("ASN key extract parse error\n", NULL); return -1; } /* If we made it here, the key is ready for optimized decryption */ key->optimized = 1; *pp = p; /* Set the key length of the key */ key->size = mp_unsigned_bin_size(&key->N); return 0; }
static void from_num(MVMnum64 d, mp_int *a) { MVMnum64 d_digit = pow(2, DIGIT_BIT); MVMnum64 da = fabs(d); MVMnum64 upper; MVMnum64 lower; MVMnum64 lowest; MVMnum64 rest; int digits = 0; mp_zero(a); while (da > d_digit * d_digit * d_digit) {; da /= d_digit; digits++; } mp_grow(a, digits + 3); /* populate the top 3 digits */ upper = da / (d_digit*d_digit); rest = fmod(da, d_digit*d_digit); lower = rest / d_digit; lowest = fmod(rest,d_digit ); if (upper >= 1) { mp_set_long(a, (unsigned long) upper); mp_mul_2d(a, DIGIT_BIT , a); DIGIT(a, 0) = (mp_digit) lower; mp_mul_2d(a, DIGIT_BIT , a); } else { if (lower >= 1) { mp_set_long(a, (unsigned long) lower); mp_mul_2d(a, DIGIT_BIT , a); a->used = 2; } else { a->used = 1; } } DIGIT(a, 0) = (mp_digit) lowest; /* shift the rest */ mp_mul_2d(a, DIGIT_BIT * digits, a); if (d < 0) mp_neg(a, a); mp_clamp(a); mp_shrink(a); }
void shrink_to_fit() { MPINT_SAFE_CALL( mp_shrink( &value ) ); }
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) { mp_int p, q, tmp1, tmp2, tmp3; int res, err; _ARGCHK(key != NULL); if ((size < (1024/8)) || (size > (4096/8))) { return CRYPT_INVALID_KEYSIZE; } if ((e < 3) || ((e & 1) == 0)) { return CRYPT_INVALID_ARG; } if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } if (mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL) != MP_OKAY) { return CRYPT_MEM; } /* make primes p and q (optimization provided by Wayne Scott) */ if (mp_set_int(&tmp3, e) != MP_OKAY) { goto error; } /* tmp3 = e */ /* make prime "p" */ do { if (rand_prime(&p, size/2, prng, wprng) != CRYPT_OK) { res = CRYPT_ERROR; goto done; } if (mp_sub_d(&p, 1, &tmp1) != MP_OKAY) { goto error; } /* tmp1 = p-1 */ if (mp_gcd(&tmp1, &tmp3, &tmp2) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */ } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */ /* make prime "q" */ do { if (rand_prime(&q, size/2, prng, wprng) != CRYPT_OK) { res = CRYPT_ERROR; goto done; } if (mp_sub_d(&q, 1, &tmp1) != MP_OKAY) { goto error; } /* tmp1 = q-1 */ if (mp_gcd(&tmp1, &tmp3, &tmp2) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */ } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */ /* tmp1 = lcm(p-1, q-1) */ if (mp_sub_d(&p, 1, &tmp2) != MP_OKAY) { goto error; } /* tmp2 = p-1 */ /* tmp1 = q-1 (previous do/while loop) */ if (mp_lcm(&tmp1, &tmp2, &tmp1) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */ /* make key */ if (mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->pQ, &key->p, &key->q, NULL) != MP_OKAY) { goto error; } if (mp_set_int(&key->e, e) != MP_OKAY) { goto error2; } /* key->e = e */ if (mp_invmod(&key->e, &tmp1, &key->d) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */ if (mp_mul(&p, &q, &key->N) != MP_OKAY) { goto error2; } /* key->N = pq */ /* optimize for CRT now */ /* find d mod q-1 and d mod p-1 */ if (mp_sub_d(&p, 1, &tmp1) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */ if (mp_sub_d(&q, 1, &tmp2) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */ if (mp_mod(&key->d, &tmp1, &key->dP) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */ if (mp_mod(&key->d, &tmp2, &key->dQ) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */ if (mp_invmod(&q, &p, &key->qP) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */ if (mp_mulmod(&key->qP, &q, &key->N, &key->qP)) { goto error2; } /* qP = q * (1/q mod p) mod N */ if (mp_invmod(&p, &q, &key->pQ) != MP_OKAY) { goto error2; } /* pQ = 1/p mod q */ if (mp_mulmod(&key->pQ, &p, &key->N, &key->pQ)) { goto error2; } /* pQ = p * (1/p mod q) mod N */ if (mp_copy(&p, &key->p) != MP_OKAY) { goto error2; } if (mp_copy(&q, &key->q) != MP_OKAY) { goto error2; } /* shrink ram required */ if (mp_shrink(&key->e) != MP_OKAY) { goto error2; } if (mp_shrink(&key->d) != MP_OKAY) { goto error2; } if (mp_shrink(&key->N) != MP_OKAY) { goto error2; } if (mp_shrink(&key->dQ) != MP_OKAY) { goto error2; } if (mp_shrink(&key->dP) != MP_OKAY) { goto error2; } if (mp_shrink(&key->qP) != MP_OKAY) { goto error2; } if (mp_shrink(&key->pQ) != MP_OKAY) { goto error2; } if (mp_shrink(&key->p) != MP_OKAY) { goto error2; } if (mp_shrink(&key->q) != MP_OKAY) { goto error2; } res = CRYPT_OK; key->type = PK_PRIVATE_OPTIMIZED; goto done; error2: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->pQ, &key->p, &key->q, NULL); error: res = CRYPT_MEM; done: mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); return res; }
/** Create an RSA key @param prng An active PRNG state @param wprng The index of the PRNG desired @param size The size of the modulus (key size) desired (octets) @param e The "e" value (public key). e==65537 is a good choice @param key [out] Destination of a newly created private key pair @return CRYPT_OK if successful, upon error all allocated ram is freed */ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) { mp_int p, q, tmp1, tmp2, tmp3; int err; LTC_ARGCHK(key != NULL); if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { return CRYPT_INVALID_KEYSIZE; } if ((e < 3) || ((e & 1) == 0)) { return CRYPT_INVALID_ARG; } if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } /* make primes p and q (optimization provided by Wayne Scott) */ if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */ /* make prime "p" */ do { if ((err = rand_prime(&p, size*4, prng, wprng)) != CRYPT_OK) { goto done; } if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */ if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */ } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */ /* make prime "q" */ do { if ((err = rand_prime(&q, size*4, prng, wprng)) != CRYPT_OK) { goto done; } if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */ if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */ } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */ /* tmp1 = lcm(p-1, q-1) */ if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */ /* tmp1 = q-1 (previous do/while loop) */ if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */ /* make key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) { goto error; } if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */ if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */ if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */ /* optimize for CRT now */ /* find d mod q-1 and d mod p-1 */ if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */ if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */ if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */ if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */ if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */ if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; } if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; } /* shrink ram required */ if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; } /* set key type (in this case it's CRT optimized) */ key->type = PK_PRIVATE; /* return ok and free temps */ err = CRYPT_OK; goto done; error2: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); error: err = mpi_to_ltc_error(err); done: mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); return err; }
/** Create a DSA key @param prng An active PRNG state @param wprng The index of the PRNG desired @param group_size Size of the multiplicative group (octets) @param modulus_size Size of the modulus (octets) @param key [out] Where to store the created key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { mp_int tmp, tmp2; int err, res; unsigned char *buf; LTC_ARGCHK(key != NULL); /* check prng */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } /* check size */ if (group_size >= MDSA_MAX_GROUP || group_size <= 15 || group_size >= modulus_size || (modulus_size - group_size) >= MDSA_DELTA) { return CRYPT_INVALID_ARG; } /* allocate ram */ buf = XMALLOC(MDSA_DELTA); if (buf == NULL) { return CRYPT_MEM; } /* init mp_ints */ if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) { err = mpi_to_ltc_error(err); goto LBL_ERR; } /* make our prime q */ if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto LBL_ERR; } /* double q */ if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; } /* now make a random string and multply it against q */ if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) { err = CRYPT_ERROR_READPRNG; goto LBL_ERR; } /* force magnitude */ buf[0] = 1; /* force even */ buf[modulus_size - group_size] &= ~1; if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size+1)) != MP_OKAY) { goto error; } if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; } if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; } /* now loop until p is prime */ for (;;) { if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto LBL_ERR; } if (res == MP_YES) break; /* add 2q to p and 2 to tmp2 */ if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; } if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; } } /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ mp_set(&key->g, 1); do { if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; } if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; } } while (mp_cmp_d(&tmp, 1) == MP_EQ); /* at this point tmp generates a group of order q mod p */ mp_exch(&tmp, &key->g); /* so now we have our DH structure, generator g, order q, modulus p Now we need a random exponent [mod q] and it's power g^x mod p */ do { if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) { err = CRYPT_ERROR_READPRNG; goto LBL_ERR; } if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; } } while (mp_cmp_d(&key->x, 1) != MP_GT); if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; } key->type = PK_PRIVATE; key->qord = group_size; /* shrink the ram required */ if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; } #ifdef LTC_CLEAN_STACK zeromem(buf, MDSA_DELTA); #endif err = CRYPT_OK; goto done; error: err = mpi_to_ltc_error(err); LBL_ERR: mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); done: mp_clear_multi(&tmp, &tmp2, NULL); XFREE(buf); return err; }