/*
 * Generate DSA domain parameters (p, q, g) and store them in dsa.
 *
 * rng           random source for the multiplier and for mp_rand_prime()
 * modulus_size  size of p in bits; only 1024, 2048 and 3072 are accepted
 * dsa           receives p, q and g (initialized by this function)
 *
 * Returns MP_OKAY on success, BAD_FUNC_ARG for a NULL pointer or an
 * unsupported modulus size, MEMORY_E / MP_INIT_E on allocation or init
 * failure, or the error code of the failing math/RNG call.
 *
 * Construction used here: pick a random prime q, pick a random even
 * multiplier k, form p = k*q + 1 and step p by 2q until it tests prime, then
 * derive g = h^((p-1)/q) mod p for the first h >= 2 that gives g != 1.
 *
 * NOTE(review): no seed or counter is produced, so the result cannot be
 * re-validated the way FIPS 186-4 seeded parameter generation allows; confirm
 * that is acceptable for the deployment.
 * NOTE(review): the (1024, 160) pair is still accepted; callers that need
 * current security strength should request 2048 or 3072.
 */
int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
{
    mp_int         tmp, tmp2;
    int            err, msize, qsize, mult_len;
    int            loop_check_prime = 0;
    int            check_prime = MP_NO;
    unsigned char *buf;

    if (rng == NULL || dsa == NULL)
        return BAD_FUNC_ARG;

    /* group size in bytes, chosen from the modulus size:
     * FIPS 186-4 valid pairs are (1024, 160) (2048, 256) (3072, 256) */
    if (modulus_size == 1024)
        qsize = 20;
    else if (modulus_size == 2048 || modulus_size == 3072)
        qsize = 32;
    else
        return BAD_FUNC_ARG;

    /* modulus size in bytes, and length of the random multiplier */
    msize    = modulus_size / 8;
    mult_len = msize - qsize;

    buf = (unsigned char *)XMALLOC(mult_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL)
        return MEMORY_E;

    /* random string that will be multiplied against q */
    err = wc_RNG_GenerateBlock(rng, buf, mult_len);
    if (err != MP_OKAY) {
        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return err;
    }

    buf[0]            |= 0xC0;   /* force magnitude: top two bits set */
    buf[mult_len - 1] &= ~1;     /* force even, so k*q + 1 is odd */

    if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        err = MP_INIT_E;
        /* NOTE(review): only q is cleared on this path; presumably
         * mp_init_multi unwinds what it initialized itself - confirm */
        goto clear_q;
    }

    /* tmp2 = multiplier k; the byte buffer is not needed afterwards */
    err = mp_read_unsigned_bin(&tmp2, buf, mult_len);
    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (err != MP_OKAY)
        goto clear_pq;

    /* make our prime q */
    err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
    if (err != MP_OKAY)
        goto clear_pq;

    /* p = random * q */
    err = mp_mul(&dsa->q, &tmp2, &dsa->p);
    if (err != MP_OKAY)
        goto clear_pq;

    /* p = random * q + 1, so q is a prime divisor of p-1 */
    err = mp_add_d(&dsa->p, 1, &dsa->p);
    if (err != MP_OKAY)
        goto clear_pq;

    if (mp_init(&tmp) != MP_OKAY) {
        err = MP_INIT_E;
        goto clear_pq;
    }

    /* tmp = 2q, the step that keeps p odd and p-1 divisible by q */
    err = mp_add(&dsa->q, &dsa->q, &tmp);
    if (err != MP_OKAY)
        goto clear_tmp;

    /* loop until p is prime.
     * NOTE(review): the 8 is presumably the number of primality-test rounds;
     * check it against the round count your policy requires for this size */
    while (check_prime == MP_NO) {
        err = mp_prime_is_prime(&dsa->p, 8, &check_prime);
        if (err != MP_OKAY)
            goto clear_tmp;

        if (check_prime == MP_YES)
            continue;

        /* p += 2q */
        err = mp_add(&tmp, &dsa->p, &dsa->p);
        if (err != MP_OKAY)
            goto clear_tmp;

        loop_check_prime++;
    }

    /* tmp2 += (2*loop_check_prime)
     * so that p = (q * tmp2) + 1 still holds for the prime p found above */
    if (loop_check_prime != 0) {
        err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
        if (err != MP_OKAY)
            goto clear_tmp;
    }

    if (mp_init(&dsa->g) != MP_OKAY) {
        err = MP_INIT_E;
        goto clear_tmp;
    }

    /* find a value g for which g^tmp2 != 1 (candidates start at 2) */
    mp_set(&dsa->g, 1);
    do {
        err = mp_add_d(&dsa->g, 1, &dsa->g);
        if (err != MP_OKAY)
            goto clear_g;

        err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp);
        if (err != MP_OKAY)
            goto clear_g;
    } while (mp_cmp_d(&tmp, 1) == MP_EQ);

    /* at this point tmp generates a group of order q mod p;
     * swap it into dsa->g and release the candidate left in tmp */
    mp_exch(&tmp, &dsa->g);

    mp_clear(&tmp);
    mp_clear(&tmp2);

    return MP_OKAY;

    /* error unwinding: each label releases what was set up after the one
     * below it, so a jump clears exactly the values live at that point */
clear_g:
    mp_clear(&dsa->g);
clear_tmp:
    mp_clear(&tmp);
clear_pq:
    mp_clear(&tmp2);
    mp_clear(&dsa->p);
clear_q:
    mp_clear(&dsa->q);
    return err;
}
/*
 * Make an RSA key for size bits, with e specified, 65537 is a good e.
 *
 * key   receives n, e, d, p, q, dP, dQ, u and is marked RSA_PRIVATE
 * size  modulus size in bits, within [RSA_MIN_SIZE, RSA_MAX_SIZE]
 * e     public exponent; must be odd and at least 3
 * rng   random source handed to mp_rand_prime()
 *
 * Returns 0 on success, BAD_FUNC_ARG on invalid arguments, otherwise the
 * error code of the failing math call. On any failure after argument
 * checking, wc_FreeRsaKey(key) is called before returning.
 *
 * NOTE(review): each prime is size/16 bytes (integer division), so a size
 * that is not a multiple of 16 yields primes rounded down in length.
 * NOTE(review): no check that p != q or that |p - q| is large is visible
 * here; confirm whether mp_rand_prime or the caller enforces one.
 * NOTE(review): p, q, tmp1 and tmp2 hold private-key material and are
 * released with mp_clear(); confirm that the configured math backend
 * zeroizes them in a way the compiler cannot elide.
 * NOTE(review): the failure path frees key even when its fields were never
 * initialized here; this presumably relies on the caller having initialized
 * key beforehand - confirm.
 */
int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{
    mp_int p, q, tmp1, tmp2, tmp3;
    int    err;

    if (key == NULL || rng == NULL)
        return BAD_FUNC_ARG;

    if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
        return BAD_FUNC_ARG;

    if (e < 3 || (e & 1) == 0)
        return BAD_FUNC_ARG;

    err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL);
    if (err != MP_OKAY)
        return err;

    /* tmp3 = e, used for the gcd tests below */
    err = mp_set_int(&tmp3, e);
    if (err != MP_OKAY)
        goto done;

    /* make p: retry until gcd(p-1, e) == 1 */
    for (;;) {
        err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
        if (err != MP_OKAY)
            goto done;

        err = mp_sub_d(&p, 1, &tmp1);       /* tmp1 = p-1 */
        if (err != MP_OKAY)
            goto done;

        err = mp_gcd(&tmp1, &tmp3, &tmp2);  /* tmp2 = gcd(p-1, e) */
        if (err != MP_OKAY)
            goto done;

        if (mp_cmp_d(&tmp2, 1) == 0)
            break;
    }

    /* make q: retry until gcd(q-1, e) == 1 */
    for (;;) {
        err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
        if (err != MP_OKAY)
            goto done;

        err = mp_sub_d(&q, 1, &tmp1);       /* tmp1 = q-1 */
        if (err != MP_OKAY)
            goto done;

        err = mp_gcd(&tmp1, &tmp3, &tmp2);  /* tmp2 = gcd(q-1, e) */
        if (err != MP_OKAY)
            goto done;

        if (mp_cmp_d(&tmp2, 1) == 0)
            break;
    }

    err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
    if (err != MP_OKAY)
        goto done;

    err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
    if (err != MP_OKAY)
        goto done;

    err = mp_sub_d(&p, 1, &tmp2);           /* tmp2 = p-1 */
    if (err != MP_OKAY)
        goto done;

    /* tmp1 still holds q-1 from the last pass of the q loop */
    err = mp_lcm(&tmp1, &tmp2, &tmp1);      /* tmp1 = lcm(p-1, q-1) */
    if (err != MP_OKAY)
        goto done;

    /* make key */
    err = mp_set_int(&key->e, e);           /* key->e = e */
    if (err != MP_OKAY)
        goto done;

    /* key->d = 1/e mod lcm(p-1, q-1) */
    err = mp_invmod(&key->e, &tmp1, &key->d);
    if (err != MP_OKAY)
        goto done;

    err = mp_mul(&p, &q, &key->n);          /* key->n = pq */
    if (err != MP_OKAY)
        goto done;

    err = mp_sub_d(&p, 1, &tmp1);           /* tmp1 = p-1 */
    if (err != MP_OKAY)
        goto done;

    err = mp_sub_d(&q, 1, &tmp2);           /* tmp2 = q-1 */
    if (err != MP_OKAY)
        goto done;

    err = mp_mod(&key->d, &tmp1, &key->dP); /* key->dP = d mod (p-1) */
    if (err != MP_OKAY)
        goto done;

    err = mp_mod(&key->d, &tmp2, &key->dQ); /* key->dQ = d mod (q-1) */
    if (err != MP_OKAY)
        goto done;

    err = mp_invmod(&q, &p, &key->u);       /* key->u = 1/q mod p */
    if (err != MP_OKAY)
        goto done;

    err = mp_copy(&p, &key->p);
    if (err != MP_OKAY)
        goto done;

    err = mp_copy(&q, &key->q);
    if (err != MP_OKAY)
        goto done;

    key->type = RSA_PRIVATE;

done:
    /* temporaries are released on both the success and the failure path */
    mp_clear(&tmp3);
    mp_clear(&tmp2);
    mp_clear(&tmp1);
    mp_clear(&q);
    mp_clear(&p);

    if (err != MP_OKAY) {
        wc_FreeRsaKey(key);
        return err;
    }

    return 0;
}