/** * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts. * * @param ctx [in] The bigint session context. * @param bi [in] The bigint to perform the exp/mod. * @param dP [in] CRT's dP bigint * @param dQ [in] CRT's dQ bigint * @param p [in] CRT's p bigint * @param q [in] CRT's q bigint * @param qInv [in] CRT's qInv bigint * @return The result of the CRT operation */ bigint * ICACHE_FLASH_ATTR bi_crt(BI_CTX *ctx, bigint *bi, bigint *dP, bigint *dQ, bigint *p, bigint *q, bigint *qInv) { bigint *m1, *m2, *h; /* Montgomery has a condition the 0 < x, y < m and these products violate * that condition. So disable Montgomery when using CRT */ #if defined(CONFIG_BIGINT_MONTGOMERY) ctx->use_classical = 1; #endif ctx->mod_offset = BIGINT_P_OFFSET; m1 = bi_mod_power(ctx, bi_copy(bi), dP); ctx->mod_offset = BIGINT_Q_OFFSET; m2 = bi_mod_power(ctx, bi, dQ); h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL); h = bi_multiply(ctx, h, qInv); ctx->mod_offset = BIGINT_P_OFFSET; h = bi_residue(ctx, h); #if defined(CONFIG_BIGINT_MONTGOMERY) ctx->use_classical = 0; /* reset for any further operation */ #endif return bi_add(ctx, m2, bi_multiply(ctx, q, h)); }
/** * Use the Chinese Remainder Theorem to quickly perform RSA decrypts. * This should really be in bigint.c (and was at one stage), but needs * access to the RSA_CTX context... */ static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi) { BI_CTX *ctx = rsa->bi_ctx; bigint *m1, *m2, *h; /* Montgomery has a condition the 0 < x, y < m and these products violate * that condition. So disable Montgomery when using CRT */ #if defined(CONFIG_BIGINT_MONTGOMERY) ctx->use_classical = 1; #endif ctx->mod_offset = BIGINT_P_OFFSET; m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP); ctx->mod_offset = BIGINT_Q_OFFSET; m2 = bi_mod_power(ctx, bi, rsa->dQ); h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL); h = bi_multiply(ctx, h, rsa->qInv); ctx->mod_offset = BIGINT_P_OFFSET; h = bi_residue(ctx, h); #if defined(CONFIG_BIGINT_MONTGOMERY) ctx->use_classical = 0; /* reset for any further operation */ #endif return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h)); }
void DH_generate_key(DH_CTX *dh_ctx) { BI_CTX *bi_ctx = bi_initialize(); int len = dh_ctx->len; bigint *p = bi_import(bi_ctx, dh_ctx->p, len); //p modulus bigint *g = bi_import(bi_ctx, dh_ctx->g, dh_ctx->glen); //generator bigint *x, *gx; bi_permanent(g); //generate private key X get_random_NZ(len, dh_ctx->x); x = bi_import(bi_ctx, dh_ctx->x, len); bi_permanent(x); //calculate public key gx = g^x mod p bi_set_mod(bi_ctx, p, BIGINT_M_OFFSET); bi_ctx->mod_offset = BIGINT_M_OFFSET; gx = bi_mod_power(bi_ctx, g, x); bi_permanent(gx); bi_export(bi_ctx, x, dh_ctx->x, len); bi_export(bi_ctx, gx, dh_ctx->gx, len); bi_depermanent(g); bi_depermanent(x); bi_depermanent(gx); bi_free(bi_ctx, g); bi_free(bi_ctx, x); bi_free(bi_ctx, gx); bi_free_mod(bi_ctx, BIGINT_M_OFFSET); bi_terminate(bi_ctx); }
void DH_compute_key(DH_CTX *dh_ctx) { BI_CTX *bi_ctx = bi_initialize(); int len = dh_ctx->len; bigint *p = bi_import(bi_ctx, dh_ctx->p, len); //p modulus bigint *x = bi_import(bi_ctx, dh_ctx->x, len); //private key bigint *gy = bi_import(bi_ctx, dh_ctx->gy, len); //public key(peer) bigint *k; //negotiated(session) key bi_permanent(x); bi_permanent(gy); //calculate session key k = gy^x mod p bi_set_mod(bi_ctx, p, BIGINT_M_OFFSET); bi_ctx->mod_offset = BIGINT_M_OFFSET; k = bi_mod_power(bi_ctx, gy, x); bi_permanent(k); bi_export(bi_ctx, k, dh_ctx->k, len); bi_depermanent(x); bi_depermanent(gy); bi_depermanent(k); bi_free(bi_ctx, x); bi_free(bi_ctx, gy); bi_free(bi_ctx, k); bi_free_mod(bi_ctx, BIGINT_M_OFFSET); bi_terminate(bi_ctx); }
/** * Performs m = c^d mod n */ bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg) { #ifdef CONFIG_BIGINT_CRT return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv); #else BI_CTX *ctx = c->bi_ctx; ctx->mod_offset = BIGINT_M_OFFSET; return bi_mod_power(ctx, bi_msg, c->d); #endif }
/** * @brief Perform a modular exponentiation using a temporary modulus. * * We need this function to check the signatures of certificates. The modulus * of this function is temporary as it's just used for authentication. * @param ctx [in] The bigint session context. * @param bi [in] The bigint to perform the exp/mod. * @param bim [in] The temporary modulus. * @param biexp [in] The bigint exponent. * @return The result of the mod exponentiation operation * @see bi_set_mod(). */ bigint *ICACHE_FLASH_ATTR bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp) { bigint *biR, *tmp_biR; /* Set up a temporary bigint context and transfer what we need between * them. We need to do this since we want to keep the original modulus * which is already in this context. This operation is only called when * doing peer verification, and so is not expensive :-) */ BI_CTX *tmp_ctx = bi_initialize(); bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET); tmp_biR = bi_mod_power(tmp_ctx, bi_clone(tmp_ctx, bi), bi_clone(tmp_ctx, biexp)); biR = bi_clone(ctx, tmp_biR); bi_free(tmp_ctx, tmp_biR); bi_free_mod(tmp_ctx, BIGINT_M_OFFSET); bi_terminate(tmp_ctx); bi_free(ctx, bi); bi_free(ctx, bim); bi_free(ctx, biexp); return biR; }
/** * Performs c = m^e mod n */ bigint *RSA_public(const RSA_CTX *c, bigint *bi_msg) { c->bi_ctx->mod_offset = BIGINT_M_OFFSET; return bi_mod_power(c->bi_ctx, bi_msg, c->e); }