void RSA_priv_key_new(RSA_CTX **ctx, const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len,
const uint8_t *priv_exp, int priv_len, const uint8_t *p,
int p_len, const uint8_t *q, int q_len, const uint8_t *dP,
int dP_len, const uint8_t *dQ, int dQ_len,
const uint8_t *qInv, int qInv_len) {
RSA_CTX *rsa_ctx;
BI_CTX *bi_ctx;
RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
rsa_ctx = *ctx;
bi_ctx = rsa_ctx->bi_ctx;
rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
bi_permanent(rsa_ctx->d);
rsa_ctx->p = bi_import(bi_ctx, p, p_len);
rsa_ctx->q = bi_import(bi_ctx, q, q_len);
rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
bi_permanent(rsa_ctx->dP);
bi_permanent(rsa_ctx->dQ);
bi_permanent(rsa_ctx->qInv);
bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
}
void DH_generate_key(DH_CTX *dh_ctx)
{
BI_CTX *bi_ctx = bi_initialize();
int len = dh_ctx->len;
bigint *p = bi_import(bi_ctx, dh_ctx->p, len); //p modulus
bigint *g = bi_import(bi_ctx, dh_ctx->g, dh_ctx->glen); //generator
bigint *x, *gx;
bi_permanent(g);
//generate private key X
get_random_NZ(len, dh_ctx->x);
x = bi_import(bi_ctx, dh_ctx->x, len);
bi_permanent(x);
//calculate public key gx = g^x mod p
bi_set_mod(bi_ctx, p, BIGINT_M_OFFSET);
bi_ctx->mod_offset = BIGINT_M_OFFSET;
gx = bi_mod_power(bi_ctx, g, x);
bi_permanent(gx);
bi_export(bi_ctx, x, dh_ctx->x, len);
bi_export(bi_ctx, gx, dh_ctx->gx, len);
bi_depermanent(g);
bi_depermanent(x);
bi_depermanent(gx);
bi_free(bi_ctx, g);
bi_free(bi_ctx, x);
bi_free(bi_ctx, gx);
bi_free_mod(bi_ctx, BIGINT_M_OFFSET);
bi_terminate(bi_ctx);
}
void DH_compute_key(DH_CTX *dh_ctx)
{
BI_CTX *bi_ctx = bi_initialize();
int len = dh_ctx->len;
bigint *p = bi_import(bi_ctx, dh_ctx->p, len); //p modulus
bigint *x = bi_import(bi_ctx, dh_ctx->x, len); //private key
bigint *gy = bi_import(bi_ctx, dh_ctx->gy, len); //public key(peer)
bigint *k; //negotiated(session) key
bi_permanent(x);
bi_permanent(gy);
//calculate session key k = gy^x mod p
bi_set_mod(bi_ctx, p, BIGINT_M_OFFSET);
bi_ctx->mod_offset = BIGINT_M_OFFSET;
k = bi_mod_power(bi_ctx, gy, x);
bi_permanent(k);
bi_export(bi_ctx, k, dh_ctx->k, len);
bi_depermanent(x);
bi_depermanent(gy);
bi_depermanent(k);
bi_free(bi_ctx, x);
bi_free(bi_ctx, gy);
bi_free(bi_ctx, k);
bi_free_mod(bi_ctx, BIGINT_M_OFFSET);
bi_terminate(bi_ctx);
}
void RSA_pub_key_new(RSA_CTX **ctx,
const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len)
{
RSA_CTX *rsa_ctx;
BI_CTX *bi_ctx = bi_initialize();
*ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
rsa_ctx = *ctx;
rsa_ctx->bi_ctx = bi_ctx;
rsa_ctx->num_octets = (mod_len & 0xFFF0);
rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
bi_permanent(rsa_ctx->e);
}
void RSA_pub_key_new(RSA_CTX **ctx, const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len) {
RSA_CTX *rsa_ctx;
BI_CTX *bi_ctx;
if (*ctx) /* if we load multiple certs, dump the old one */
RSA_free(*ctx);
bi_ctx = bi_initialize();
*ctx = (RSA_CTX *) calloc(1, sizeof(RSA_CTX));
rsa_ctx = *ctx;
rsa_ctx->bi_ctx = bi_ctx;
rsa_ctx->num_octets = mod_len;
rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
bi_permanent(rsa_ctx->e);
}
/**
* @brief Perform a modular exponentiation using a temporary modulus.
*
* We need this function to check the signatures of certificates. The modulus
* of this function is temporary as it's just used for authentication.
* @param ctx [in] The bigint session context.
* @param bi [in] The bigint to perform the exp/mod.
* @param bim [in] The temporary modulus.
* @param biexp [in] The bigint exponent.
* @return The result of the mod exponentiation operation
* @see bi_set_mod().
*/
bigint *ICACHE_FLASH_ATTR bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp) {
bigint *biR, *tmp_biR;
/* Set up a temporary bigint context and transfer what we need between
* them. We need to do this since we want to keep the original modulus
* which is already in this context. This operation is only called when
* doing peer verification, and so is not expensive :-) */
BI_CTX *tmp_ctx = bi_initialize();
bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
tmp_biR = bi_mod_power(tmp_ctx,
bi_clone(tmp_ctx, bi),
bi_clone(tmp_ctx, biexp));
biR = bi_clone(ctx, tmp_biR);
bi_free(tmp_ctx, tmp_biR);
bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
bi_terminate(tmp_ctx);
bi_free(ctx, bi);
bi_free(ctx, bim);
bi_free(ctx, biexp);
return biR;
}
