/* * Generate an RSA keypair */ int rsa_gen_key( rsa_context *ctx, int nbits, int exponent, ulong (*rng_fn)(void *), void *rng_st ) { int ret; mpi P1, Q1, H, G; mpi_init( &P1, &Q1, &H, &G, NULL ); memset( ctx, 0, sizeof( rsa_context ) ); /* * find primes P and Q with Q < P so that: * GCD( E, (P-1)*(Q-1) ) == 1 */ CHK( mpi_lset( &ctx->E, exponent ) ); nbits >>= 1; do { CHK( mpi_gen_prime( &ctx->P, nbits, 0, rng_fn, rng_st ) ); CHK( mpi_gen_prime( &ctx->Q, nbits, 0, rng_fn, rng_st ) ); if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) mpi_swap( &ctx->P, &ctx->Q ); CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); CHK( mpi_mul_mpi( &H, &P1, &Q1 ) ); CHK( mpi_gcd( &G, &ctx->E, &H ) ); } while( mpi_cmp_int( &G, 1 ) != 0 ); /* * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) ); CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) ); CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) ); CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) ); ctx->len = ( mpi_size( &ctx->N ) + 7 ) >> 3; cleanup: mpi_free( &P1, &Q1, &H, &G, NULL ); if( ret != 0 ) { rsa_free( ctx ); return( ERR_RSA_KEYGEN_FAILED | ret ); } return( 0 ); }
/* Generate an RSA keypair */ int rsa_gen_key(rsa_context *ctx, int nbits, int exponent) { mpi P1, Q1, H, G; int ret; if (ctx->f_rng == NULL || nbits < 128 || exponent < 3) { return EST_ERR_RSA_BAD_INPUT_DATA; } mpi_init(&P1, &Q1, &H, &G, NULL); /* find primes P and Q with Q < P so that: GCD( E, (P-1)*(Q-1) ) == 1 */ MPI_CHK(mpi_lset(&ctx->E, exponent)); do { MPI_CHK(mpi_gen_prime(&ctx->P, (nbits + 1) >> 1, 0, ctx->f_rng, ctx->p_rng)); MPI_CHK(mpi_gen_prime(&ctx->Q, (nbits + 1) >> 1, 0, ctx->f_rng, ctx->p_rng)); if (mpi_cmp_mpi(&ctx->P, &ctx->Q) < 0) { mpi_swap(&ctx->P, &ctx->Q); } if (mpi_cmp_mpi(&ctx->P, &ctx->Q) == 0) { continue; } MPI_CHK(mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q)); if (mpi_msb(&ctx->N) != nbits) { continue; } MPI_CHK(mpi_sub_int(&P1, &ctx->P, 1)); MPI_CHK(mpi_sub_int(&Q1, &ctx->Q, 1)); MPI_CHK(mpi_mul_mpi(&H, &P1, &Q1)); MPI_CHK(mpi_gcd(&G, &ctx->E, &H)); } while (mpi_cmp_int(&G, 1) != 0); /* D = E^-1 mod ((P-1)*(Q-1)) DP = D mod (P - 1) DQ = D mod (Q - 1) QP = Q^-1 mod P */ MPI_CHK(mpi_inv_mod(&ctx->D, &ctx->E, &H)); MPI_CHK(mpi_mod_mpi(&ctx->DP, &ctx->D, &P1)); MPI_CHK(mpi_mod_mpi(&ctx->DQ, &ctx->D, &Q1)); MPI_CHK(mpi_inv_mod(&ctx->QP, &ctx->Q, &ctx->P)); ctx->len = (mpi_msb(&ctx->N) + 7) >> 3; cleanup: mpi_free(&G, &H, &Q1, &P1, NULL); if (ret != 0) { rsa_free(ctx); return EST_ERR_RSA_KEY_GEN_FAILED | ret; } return 0; }
void mpr_inv(mpr *rop, mpr *op) { if (rop == op) mpi_swap(mpr_num(op), mpr_den(op)); else { mpi_set(mpr_num(rop), mpr_den(op)); mpi_set(mpr_den(rop), mpr_num(op)); } }
/* * Generate an RSA keypair */ int rsa_gen_key( rsa_context *ctx, int (*f_rng)(void *), void *p_rng, int nbits, int exponent ) { int ret; mpi P1, Q1, H, G; if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); mpi_init( &P1, &Q1, &H, &G, NULL ); /* * find primes P and Q with Q < P so that: * GCD( E, (P-1)*(Q-1) ) == 1 */ MPI_CHK( mpi_lset( &ctx->E, exponent ) ); do { MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, f_rng, p_rng ) ); MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, f_rng, p_rng ) ); if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) mpi_swap( &ctx->P, &ctx->Q ); if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); if( mpi_msb( &ctx->N ) != nbits ) continue; MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) ); MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) ); } while( mpi_cmp_int( &G, 1 ) != 0 ); /* * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) ); MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) ); MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) ); MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) ); ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3; cleanup: mpi_free( &G, &H, &Q1, &P1, NULL ); if( ret != 0 ) { rsa_free( ctx ); return( POLARSSL_ERR_RSA_KEY_GEN_FAILED | ret ); } return( 0 ); }